From sle-container-updates at lists.suse.com Sat Mar 1 08:03:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:03:37 +0100 (CET) Subject: SUSE-CU-2025:1418-1: Security update of containers/open-webui Message-ID: <20250301080337.8A8F3FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1418-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.45 Container Release : 7.45 Severity : important Type : security References : 1212607 1214290 1219213 1236834 1236842 1237363 1237370 1237418 1237431 CVE-2023-25435 CVE-2023-4016 CVE-2023-52356 CVE-2024-56171 CVE-2025-24928 CVE-2025-26597 CVE-2025-27113 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:753-1 Released: Fri Feb 28 17:30:35 2025 Summary: Security update for tiff Type: security Severity: moderate References: 1212607,1219213,1236834,CVE-2023-25435,CVE-2023-52356 This update for tiff fixes the following issues: - CVE-2023-25435: Heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c (bsc#1212607). - CVE-2023-52356: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (bsc#1219213). Other bugfixes: - Fixed tiff build issue on s390x as test 12 test_directory fails (bsc#1236834). The following package changes have been done: - python311-rank-bm25-0.2.2-150600.1.9 updated - libxml2-2-2.10.3-150500.5.23.1 updated - libX11-data-1.8.7-150600.3.3.1 updated - libtbb12-2021.13.0-150600.1.9 updated - libthrift-0_17_0-0.17.0-150600.1.11 updated - opencv4-cascades-data-4.10.0-150600.1.16 updated - libX11-xcb1-1.8.7-150600.3.3.1 updated - libprotobuf25_5_0-25.5-150600.2.38 updated - libtiff6-4.7.0-150600.3.8.1 updated - libX11-6-1.8.7-150600.3.3.1 updated - python311-threadpoolctl-3.5.0-150600.1.8 updated - python311-regex-2024.5.15-150600.1.11 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.10 updated - python311-psycopg2-2.9.9-150600.1.15 updated - python311-protobuf-4.25.5-150600.2.38 updated - python311-primp-0.6.3-150600.1.12 updated - python311-orjson-3.10.7-150600.1.14 updated - python311-onnxruntime-1.19.2-150600.1.9 updated - python311-mmh3-4.1.0-150600.1.12 updated - python311-langsmith-0.1.52-150600.1.11 updated - python311-importlib-resources-6.1.1-150600.1.11 updated - python311-greenlet-3.1.0-150600.1.14 updated - python311-einops-0.8.0-150600.1.8 updated - python311-ebcdic-1.1.1-150600.1.10 updated - python311-django-cache-url-3.4.5-150600.1.12 updated - python311-dill-0.3.8-150600.1.13 updated - python311-defusedxml-0.7.1-150600.1.10 updated - libprocps8-3.3.17-150000.7.42.1 updated - python311-pypandoc-1.14-150600.1.9 updated - python311-lark-1.1.9-150600.1.10 updated - python311-proto-plus-1.24.0-150600.1.13 updated - python311-opentelemetry-proto-1.27.0-150600.1.12 updated - python311-Pillow-10.4.0-150600.1.12 updated - python311-fake-useragent-1.5.1-150600.1.9 updated - python311-anyio-4.4.0-150600.1.11 updated - python311-SQLAlchemy-2.0.32-150600.1.13 updated - python311-multiprocess-0.70.16-150600.1.10 updated - python311-redis-5.0.8-150600.1.10 updated - python311-uvicorn-0.30.6-150600.1.10 updated - libarrow1700-17.0.0-150600.2.14 updated - procps-3.3.17-150000.7.42.1 updated - python311-opentelemetry-exporter-otlp-proto-common-1.27.0-150600.1.12 updated - python311-aiohttp-3.10.8-150600.1.10 updated - python311-python-pptx-1.0.2-150600.1.9 updated - python311-et_xmlfile-1.0.1-150600.1.10 updated - python311-pytest-docker-3.1.1-150600.1.11 updated - python311-duckduckgo-search-6.2.13-150600.1.9 updated - python311-APScheduler-3.10.4-150600.1.12 updated - python311-alembic-1.13.2-150600.1.10 updated - python311-googleapis-common-protos-1.63.2-150600.1.13 updated - libparquet1700-17.0.0-150600.2.14 updated - libarrow_acero1700-17.0.0-150600.2.14 updated - python311-psutil-6.0.0-150600.1.12 updated - python311-numpy1-1.26.4-150600.1.22 updated - python311-dataclasses-json-0.6.7-150600.1.11 updated - python311-typer-slim-0.12.5-150600.1.10 updated - python311-fastapi-0.114.2-150600.1.11 updated - python311-black-24.8.0-150600.1.9 updated - python311-openpyxl-3.1.5-150600.1.9 updated - libarrow_flight1700-17.0.0-150600.2.14 updated - libarrow_dataset1700-17.0.0-150600.2.14 updated - python311-torch-2.5.0-150600.1.5 updated - python311-scipy-1.14.1-150600.1.18 updated - python311-pandas-2.2.3-150600.1.23 updated - python311-joblib-1.4.2-150600.1.10 updated - python311-chroma-hnswlib-0.7.6-150600.2.8 updated - python311-Django-5.1.1-150600.1.11 updated - python311-typer-0.12.5-150600.1.10 updated - python311-openai-1.40.8-150600.1.11 updated - python311-pyarrow-17.0.0-150600.2.26 updated - python311-scikit-learn-1.5.1-150600.1.20 updated - python311-opentelemetry-exporter-otlp-proto-grpc-1.27.0-150600.1.13 updated - python311-RTFDE-0.1.1-150600.1.9 updated - python311-dj-database-url-2.3.0-150600.1.11 updated - python311-fpdf2-2.7.9-150600.1.12 updated - libopencv410-4.10.0-150600.1.16 updated - python311-tiktoken-0.7.0-150600.1.12 updated - python311-python-engineio-4.8.0-150600.1.11 updated - python311-nltk-3.9.1-150600.1.11 updated - python311-google-auth-2.34.0-150600.1.10 updated - python311-extract-msg-0.49.0-150600.1.9 updated - python311-environs-11.0.0-150600.1.11 updated - libopencv_objdetect410-4.10.0-150600.1.16 updated - libopencv_imgcodecs410-4.10.0-150600.1.16 updated - python311-python-socketio-5.11.4-150600.1.11 updated - python311-kubernetes-28.1.0-150600.1.9 updated - python311-google-auth-httplib2-0.2.0-150600.1.10 updated - python311-google-api-core-2.19.2-150600.1.13 updated - libopencv_face410-4.10.0-150600.1.16 updated - libopencv_aruco410-4.10.0-150600.1.16 updated - libopencv_ximgproc410-4.10.0-150600.1.16 updated - python311-google-api-python-client-2.143.0-150600.1.13 updated - python311-google-ai-generativelanguage-0.6.10-150600.1.13 updated - python311-av-11.0.0-150600.1.12 updated - libopencv_optflow410-4.10.0-150600.1.16 updated - libopencv_highgui410-4.10.0-150600.1.16 updated - python311-google-generativeai-0.8.2-150600.1.13 updated - python311-datasets-3.0.1-150600.1.15 updated - python311-transformers-4.44.2-150600.1.9 updated - python311-anthropic-0.33.1-150600.1.10 updated - python311-pydub-0.25.1-150600.1.11 updated - libopencv_gapi410-4.10.0-150600.1.16 updated - python311-colbert-ai-0.2.21-150600.1.15 updated - libopencv_videoio410-4.10.0-150600.1.16 updated - python311-opencv-4.10.0-150600.1.16 updated - python311-open-webui-0.3.32-150600.1.58 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:04:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:04:29 +0100 (CET) Subject: SUSE-IU-2025:673-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250301080429.88C2DFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:673-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.148 , suse/sle-micro/base-5.5:latest Image Release : 5.8.148 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:04:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:04:56 +0100 (CET) Subject: SUSE-IU-2025:674-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250301080456.287B2FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:674-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.285 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.285 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.148 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:05:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:05:36 +0100 (CET) Subject: SUSE-IU-2025:676-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250301080536.E4569FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:676-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.330 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.330 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.252 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:06:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:06:18 +0100 (CET) Subject: SUSE-IU-2025:677-1: Security update of suse/sle-micro/5.5 Message-ID: <20250301080618.71E56FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:677-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.250 , suse/sle-micro/5.5:latest Image Release : 5.5.250 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:06:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:06:19 +0100 (CET) Subject: SUSE-IU-2025:678-1: Security update of suse/sle-micro/5.5 Message-ID: <20250301080619.34F4CFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:678-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.252 , suse/sle-micro/5.5:latest Image Release : 5.5.252 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.148 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:10:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:10:55 +0100 (CET) Subject: SUSE-CU-2025:1425-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250301081055.64CB1FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1425-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.93 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.93 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:10:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:10:56 +0100 (CET) Subject: SUSE-CU-2025:1426-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250301081056.21ACDFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1426-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.94 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.94 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:748-1 Released: Fri Feb 28 17:14:02 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.14-150400.5.38.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:13:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:13:55 +0100 (CET) Subject: SUSE-CU-2025:1429-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250301081355.B4FE4FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1429-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.93 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.93 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:13:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:13:56 +0100 (CET) Subject: SUSE-CU-2025:1430-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250301081356.6A02AFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1430-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.94 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.94 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:748-1 Released: Fri Feb 28 17:14:02 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.14-150400.5.38.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:14:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:14:56 +0100 (CET) Subject: SUSE-CU-2025:1431-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250301081456.38243FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1431-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.5.142 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.142 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:16:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:16:50 +0100 (CET) Subject: SUSE-CU-2025:1437-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250301081650.78167FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1437-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.48 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.48 , suse/ltss/sle15.3/sle15:latest Container Release : 2.48 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:17:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:17:40 +0100 (CET) Subject: SUSE-CU-2025:1440-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250301081740.F33CFFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1440-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.26 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.26 , suse/ltss/sle15.4/sle15:latest Container Release : 2.26 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:17:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:17:41 +0100 (CET) Subject: SUSE-CU-2025:1441-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250301081741.AC76AFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1441-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.27 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.27 , suse/ltss/sle15.4/sle15:latest Container Release : 2.27 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:748-1 Released: Fri Feb 28 17:14:02 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.14-150400.5.38.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:19:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:19:49 +0100 (CET) Subject: SUSE-CU-2025:1442-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250301081949.9E7E6FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1442-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.16 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.16 , suse/ltss/sle15.5/sle15:latest Container Release : 4.16 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:19:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:19:50 +0100 (CET) Subject: SUSE-CU-2025:1443-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250301081950.4ADBDFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1443-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.17 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.17 , suse/ltss/sle15.5/sle15:latest Container Release : 4.17 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:22:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:22:38 +0100 (CET) Subject: SUSE-CU-2025:1452-1: Security update of bci/gcc Message-ID: <20250301082238.D999FFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1452-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.31 , bci/gcc:latest Container Release : 8.31 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:22:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:22:59 +0100 (CET) Subject: SUSE-CU-2025:1454-1: Security update of bci/golang Message-ID: <20250301082259.2FAE8FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1454-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-2.34.12 , bci/golang:oldstable , bci/golang:oldstable-2.34.12 Container Release : 34.12 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:23:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:23:22 +0100 (CET) Subject: SUSE-CU-2025:1456-1: Security update of bci/golang Message-ID: <20250301082322.D0BA6FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1456-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.33 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.33 Container Release : 55.33 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:23:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:23:45 +0100 (CET) Subject: SUSE-CU-2025:1458-1: Security update of bci/golang Message-ID: <20250301082345.AF261FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1458-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.0 , bci/golang:1.24.0-1.34.12 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.12 Container Release : 34.12 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sat Mar 1 08:24:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Mar 2025 09:24:11 +0100 (CET) Subject: SUSE-CU-2025:1460-1: Security update of bci/golang Message-ID: <20250301082411.2A648FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1460-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.32 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.32 Container Release : 55.32 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:06:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:06:53 +0100 (CET) Subject: SUSE-CU-2025:1460-1: Security update of bci/golang Message-ID: <20250302080653.688BEFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1460-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.32 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.32 Container Release : 55.32 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:07:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:07:21 +0100 (CET) Subject: SUSE-CU-2025:1462-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250302080721.C1029FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1462-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.3 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.3 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:07:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:07:22 +0100 (CET) Subject: SUSE-CU-2025:1463-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250302080722.A3198FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1463-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.4 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.4 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:08:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:08:29 +0100 (CET) Subject: SUSE-CU-2025:1465-1: Security update of bci/kiwi Message-ID: <20250302080829.960A1FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1465-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.2 , bci/kiwi:latest Container Release : 22.2 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:08:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:08:30 +0100 (CET) Subject: SUSE-CU-2025:1466-1: Security update of bci/kiwi Message-ID: <20250302080830.76D90FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1466-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.3 , bci/kiwi:latest Container Release : 22.3 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-tools-2.10.3-150500.5.23.1 updated - libxml2-devel-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:09:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:09:26 +0100 (CET) Subject: SUSE-CU-2025:1470-1: Security update of bci/nodejs Message-ID: <20250302080926.4E03DFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1470-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.36 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.36 , bci/nodejs:latest Container Release : 48.36 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:08:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:08:56 +0100 (CET) Subject: SUSE-CU-2025:1468-1: Security update of suse/nginx Message-ID: <20250302080856.B1CA8FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1468-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.32 , suse/nginx:latest Container Release : 51.32 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:09:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:09:32 +0100 (CET) Subject: SUSE-CU-2025:1472-1: Security update of bci/nodejs Message-ID: <20250302080932.ABB94FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1472-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.24 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.24 Container Release : 31.24 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:08:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:08:57 +0100 (CET) Subject: SUSE-CU-2025:1469-1: Security update of suse/nginx Message-ID: <20250302080857.8B88BFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1469-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.35 , suse/nginx:latest Container Release : 51.35 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:09:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:09:39 +0100 (CET) Subject: SUSE-CU-2025:1476-1: Security update of bci/openjdk Message-ID: <20250302080939.5A693FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1476-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-3.8 Container Release : 3.8 Severity : important Type : security References : 1214290 1236842 1237431 CVE-2023-4016 CVE-2025-26597 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:09:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:09:35 +0100 (CET) Subject: SUSE-CU-2025:1474-1: Security update of bci/openjdk-devel Message-ID: <20250302080935.C6918FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1474-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-3.13 Container Release : 3.13 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:745-1 Released: Fri Feb 28 15:54:49 2025 Summary: Recommended update for apache-commons-cli Type: recommended Severity: moderate References: This update for apache-commons-cli fixes the following issues: - Update to 1.9.0: * New features: + Add OptionGroup.isSelected(). + You can now extend HelpFormatter.Builder. + Add 'since' attribute to Option to track when an Option was introduced * Fixed bugs: + Fix Javadoc pathing + Updated properties documentation #285. + Deprecation not always reported #284. + Replace internal StringBuffer with StringBuilder. * Updates: + Bump org.apache.commons:commons-parent from 70 to 72 - Update to 1.8.0: * Fix Javadoc pathing - Updated apache-commons-cli-build.xml to new version. - Update to 1.7: * New features: - Add and use a Converter interface and implementations without using BeanUtils - Add Maven property project.build.outputTimestamp for build reproducibility. - Add '-' as an option char and implemented extensive tests - Make adding OptionGroups and Options to existing Options easier - Added Supplier; defaults for getParsedOptionValue - Make Option.getKey() public - Add builder factory CommandLine#builder(). * Fixes: - Inconsistent behavior in key/value pairs (Java property style). Util.stripLeadingAndTrailingQuotes(String). - Awkward behavior of Option.builder() for multiple optional args. - Properties from multiple arguments with value separator. - Fix for expected textual date values. - Option.Builder.option('') should throw IllegalArgumentException instead of ArrayIndexOutOfBoundsException. - Avoid NullPointerException in CommandLine.getOptionValues(Option|String). * Updates: - Bump commons-parent from 64 to 69 - Update the tests to JUnit 5 - Bump tests commons-io:commons-io from 2.16.0 to 2.16.1 - Includes changes from version 1.6: * Fixes: - [StepSecurity] ci: Harden GitHub Actions - Inconsistent date format in changes report. - Fix NPE in CommandLine.resolveOption(String). - CommandLine.addOption(Option) should not allow a null Option. - CommandLine.addArgs(String) should not allow a null String. - Site docs: 'Usage Scenarios' refers to deprecated methods. - NullPointerException thrown by CommandLineParser.parse(). - StringIndexOutOfBoundsException thrown by CommandLineParser.parse(). * Updates: - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 417-423] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 446-450] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 474-478] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Use EMPTY_STRING_ARRAY constant. - Fix site links that are broken - Add github/codeql-action. - Use %patch -P N instead of deprecated %patchN. - Build with java source/target levels 8 The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated - apache-commons-cli-1.9.0-150200.3.9.1 updated - container:bci-openjdk-17-decae34717581db3d5819c9ebea069d8670e91c89b92bcb428bc659efcfa5ea7-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:10:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:10:21 +0100 (CET) Subject: SUSE-CU-2025:1478-1: Security update of bci/openjdk-devel Message-ID: <20250302081021.1EE39FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1478-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.15 , bci/openjdk-devel:latest Container Release : 33.15 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:745-1 Released: Fri Feb 28 15:54:49 2025 Summary: Recommended update for apache-commons-cli Type: recommended Severity: moderate References: This update for apache-commons-cli fixes the following issues: - Update to 1.9.0: * New features: + Add OptionGroup.isSelected(). + You can now extend HelpFormatter.Builder. + Add 'since' attribute to Option to track when an Option was introduced * Fixed bugs: + Fix Javadoc pathing + Updated properties documentation #285. + Deprecation not always reported #284. + Replace internal StringBuffer with StringBuilder. * Updates: + Bump org.apache.commons:commons-parent from 70 to 72 - Update to 1.8.0: * Fix Javadoc pathing - Updated apache-commons-cli-build.xml to new version. - Update to 1.7: * New features: - Add and use a Converter interface and implementations without using BeanUtils - Add Maven property project.build.outputTimestamp for build reproducibility. - Add '-' as an option char and implemented extensive tests - Make adding OptionGroups and Options to existing Options easier - Added Supplier; defaults for getParsedOptionValue - Make Option.getKey() public - Add builder factory CommandLine#builder(). * Fixes: - Inconsistent behavior in key/value pairs (Java property style). Util.stripLeadingAndTrailingQuotes(String). - Awkward behavior of Option.builder() for multiple optional args. - Properties from multiple arguments with value separator. - Fix for expected textual date values. - Option.Builder.option('') should throw IllegalArgumentException instead of ArrayIndexOutOfBoundsException. - Avoid NullPointerException in CommandLine.getOptionValues(Option|String). * Updates: - Bump commons-parent from 64 to 69 - Update the tests to JUnit 5 - Bump tests commons-io:commons-io from 2.16.0 to 2.16.1 - Includes changes from version 1.6: * Fixes: - [StepSecurity] ci: Harden GitHub Actions - Inconsistent date format in changes report. - Fix NPE in CommandLine.resolveOption(String). - CommandLine.addOption(Option) should not allow a null Option. - CommandLine.addArgs(String) should not allow a null String. - Site docs: 'Usage Scenarios' refers to deprecated methods. - NullPointerException thrown by CommandLineParser.parse(). - StringIndexOutOfBoundsException thrown by CommandLineParser.parse(). * Updates: - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 417-423] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 446-450] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 474-478] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Use EMPTY_STRING_ARRAY constant. - Fix site links that are broken - Add github/codeql-action. - Use %patch -P N instead of deprecated %patchN. - Build with java source/target levels 8 The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated - apache-commons-cli-1.9.0-150200.3.9.1 updated - container:bci-openjdk-21-1cf3769b8140397370c85970dd91618401e9ff7aae4ed119707b610a1488a6a0-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:10:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:10:59 +0100 (CET) Subject: SUSE-CU-2025:1480-1: Security update of bci/openjdk Message-ID: <20250302081059.7E3F4FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1480-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.8 , bci/openjdk:latest Container Release : 33.8 Severity : important Type : security References : 1214290 1236842 1237431 CVE-2023-4016 CVE-2025-26597 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:11:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:11:26 +0100 (CET) Subject: SUSE-CU-2025:1482-1: Security update of suse/pcp Message-ID: <20250302081126.11A94FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1482-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.36 , suse/pcp:latest Container Release : 42.36 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:11:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:11:26 +0100 (CET) Subject: SUSE-CU-2025:1483-1: Security update of suse/pcp Message-ID: <20250302081126.E6A1CFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1483-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.40 , suse/pcp:latest Container Release : 42.40 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:bci-bci-init-15.6-411023597944fa2c96652e35e659eb8efde50bf9d4e8be96b19c9b2a56690f14-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:11:56 +0100 (CET) Subject: SUSE-CU-2025:1484-1: Security update of bci/php-apache Message-ID: <20250302081156.E39CBFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1484-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.37 , bci/php-apache:latest Container Release : 48.37 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:12:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:12:25 +0100 (CET) Subject: SUSE-CU-2025:1485-1: Security update of bci/php-fpm Message-ID: <20250302081225.5E28EFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1485-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.37 , bci/php-fpm:latest Container Release : 48.37 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:12:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:12:52 +0100 (CET) Subject: SUSE-CU-2025:1486-1: Security update of bci/php Message-ID: <20250302081252.DAE03FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1486-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.32 , bci/php:latest Container Release : 48.32 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:13:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:13:22 +0100 (CET) Subject: SUSE-CU-2025:1487-1: Security update of suse/postgres Message-ID: <20250302081322.1B678FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1487-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-60.13 Container Release : 60.13 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:13:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:13:32 +0100 (CET) Subject: SUSE-CU-2025:1488-1: Security update of suse/postgres Message-ID: <20250302081332.F234AFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1488-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-41.12 , suse/postgres:latest Container Release : 41.12 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 08:14:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 09:14:11 +0100 (CET) Subject: SUSE-CU-2025:1489-1: Security update of bci/python Message-ID: <20250302081411.2B41DFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1489-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.33 Container Release : 61.33 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:54:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:54:39 +0100 (CET) Subject: SUSE-CU-2025:1489-1: Security update of bci/python Message-ID: <20250302125439.13ABCFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1489-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.33 Container Release : 61.33 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:55:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:55:11 +0100 (CET) Subject: SUSE-CU-2025:1491-1: Security update of bci/python Message-ID: <20250302125511.C101DFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1491-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-62.8 , bci/python:latest Container Release : 62.8 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:55:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:55:41 +0100 (CET) Subject: SUSE-CU-2025:1493-1: Security update of bci/python Message-ID: <20250302125541.E3E99FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1493-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.34 Container Release : 60.34 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:56:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:56:04 +0100 (CET) Subject: SUSE-CU-2025:1495-1: Security update of suse/mariadb Message-ID: <20250302125604.B541FFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1495-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.19 , suse/mariadb:latest Container Release : 62.19 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:56:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:56:20 +0100 (CET) Subject: SUSE-CU-2025:1496-1: Security update of suse/rmt-server Message-ID: <20250302125620.F3B78FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1496-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.5 , suse/rmt-server:latest Container Release : 37.5 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:56:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:56:49 +0100 (CET) Subject: SUSE-CU-2025:1497-1: Security update of bci/ruby Message-ID: <20250302125649.58EA5FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1497-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.36 , bci/ruby:latest Container Release : 31.36 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:57:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:57:54 +0100 (CET) Subject: SUSE-CU-2025:1501-1: Security update of containers/apache-tomcat Message-ID: <20250302125754.6134AFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1501-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.32 Container Release : 62.32 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:57:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:57:56 +0100 (CET) Subject: SUSE-CU-2025:1502-1: Security update of containers/apache-tomcat Message-ID: <20250302125756.37EF6FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1502-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.33 Container Release : 62.33 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:09 +0100 (CET) Subject: SUSE-CU-2025:1503-1: Security update of containers/apache-tomcat Message-ID: <20250302125809.42DA0FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1503-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.32 Container Release : 62.32 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:10 +0100 (CET) Subject: SUSE-CU-2025:1504-1: Security update of containers/apache-tomcat Message-ID: <20250302125810.C882CFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1504-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.33 Container Release : 62.33 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:24 +0100 (CET) Subject: SUSE-CU-2025:1505-1: Security update of containers/apache-tomcat Message-ID: <20250302125824.C8236FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1505-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.32 Container Release : 62.32 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:26 +0100 (CET) Subject: SUSE-CU-2025:1506-1: Security update of containers/apache-tomcat Message-ID: <20250302125826.A20DCFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1506-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.33 Container Release : 62.33 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:36 +0100 (CET) Subject: SUSE-CU-2025:1507-1: Security update of containers/apache-tomcat Message-ID: <20250302125836.E89E7FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1507-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.33 Container Release : 62.33 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:40 +0100 (CET) Subject: SUSE-CU-2025:1508-1: Security update of containers/apache-tomcat Message-ID: <20250302125840.09547FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1508-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.36 Container Release : 62.36 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:50 +0100 (CET) Subject: SUSE-CU-2025:1509-1: Security update of containers/apache-tomcat Message-ID: <20250302125850.4F0E1FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1509-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.33 Container Release : 62.33 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:58:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:58:51 +0100 (CET) Subject: SUSE-CU-2025:1510-1: Security update of containers/apache-tomcat Message-ID: <20250302125851.97346FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1510-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.34 Container Release : 62.34 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:59:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:59:04 +0100 (CET) Subject: SUSE-CU-2025:1511-1: Security update of containers/apache-tomcat Message-ID: <20250302125904.80D53FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1511-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.33 Container Release : 62.33 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:59:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:59:05 +0100 (CET) Subject: SUSE-CU-2025:1512-1: Security update of containers/apache-tomcat Message-ID: <20250302125905.D3F3CFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1512-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.34 Container Release : 62.34 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:59:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:59:17 +0100 (CET) Subject: SUSE-CU-2025:1513-1: Security update of containers/apache-tomcat Message-ID: <20250302125917.73FF1FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1513-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.33 Container Release : 62.33 Severity : moderate Type : security References : 1237431 CVE-2025-26597 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). The following package changes have been done: - libX11-data-1.8.7-150600.3.3.1 updated - libX11-6-1.8.7-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:59:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:59:20 +0100 (CET) Subject: SUSE-CU-2025:1514-1: Security update of containers/apache-tomcat Message-ID: <20250302125920.7C84DFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1514-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.36 Container Release : 62.36 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 12:59:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 13:59:29 +0100 (CET) Subject: SUSE-CU-2025:1515-1: Security update of containers/python Message-ID: <20250302125929.DBDE0FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1515-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.30 Container Release : 44.30 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:14:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:14:40 +0100 (CET) Subject: SUSE-CU-2025:1515-1: Security update of containers/python Message-ID: <20250302131440.0C25BFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1515-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.30 Container Release : 44.30 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:14:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:14:50 +0100 (CET) Subject: SUSE-CU-2025:1517-1: Security update of containers/python Message-ID: <20250302131450.7C29CFCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1517-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.31 Container Release : 51.31 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:15:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:15:32 +0100 (CET) Subject: SUSE-CU-2025:1519-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250302131532.8D91EFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1519-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.9 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.9 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:15:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:15:58 +0100 (CET) Subject: SUSE-CU-2025:1520-1: Security update of suse/sle15 Message-ID: <20250302131558.8408FFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1520-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.15 , suse/sle15:15.6 , suse/sle15:15.6.47.20.15 Container Release : 47.20.15 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:16:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:16:30 +0100 (CET) Subject: SUSE-CU-2025:1521-1: Recommended update of bci/spack Message-ID: <20250302131630.D0938FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1521-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.1 , bci/spack:latest Container Release : 5.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:717-1 Released: Wed Feb 26 06:38:58 2025 Summary: Recommended update for spack Type: recommended Severity: moderate References: This update for spack fixes the following issues: - spack was updated from version 0.23.0 to version 0.23.1: * Fixed a correctness issue of `ArchSpec.intersects`. * Make extra_attributes order independent in Spec hashing. * Fixed issue where system proxy settings were not respected in OCI build caches. * Fixed an issue where the `--test` concretizer flag was not forwarded correctly. * Ensure proper UTF-8 encoding/decoding in logging. * Fixed issues related `to filter_file`. * Fixed an issue related to creating bootstrap source mirrors. * Fixed an issue where command line config arguments were not always top level. * Fixed an incorrect typehint of `concretized()`. * Improved mention of next Spack version in warning. Tests: fixed forward compatibility with Python 3.13. * Docs: encourage use of `--oci-username-variable` and `--oci-password-variable`. * Docs: ensure Getting Started has bootstrap list output in correct place. The following package changes have been done: - spack-recipes-0.23.1-150400.24.1 updated - spack-0.23.1-150400.24.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:16:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:16:31 +0100 (CET) Subject: SUSE-CU-2025:1522-1: Security update of bci/spack Message-ID: <20250302131631.9CF4DFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1522-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.3 , bci/spack:latest Container Release : 5.3 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.10.3-150500.5.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-98ba7d35f2614b8a698ef17e02f667dc830a6aea65fd6f99ca5d1cb2bb78435f-0 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:16:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:16:52 +0100 (CET) Subject: SUSE-CU-2025:1529-1: Security update of bci/python Message-ID: <20250302131652.CDDF4FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1529-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-4.40 Container Release : 4.40 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:16:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:16:54 +0100 (CET) Subject: SUSE-CU-2025:1532-1: Security update of bci/ruby Message-ID: <20250302131654.A4FC6FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1532-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-3.6 Container Release : 3.6 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:18:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:18:11 +0100 (CET) Subject: SUSE-CU-2025:1537-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250302131811.47C2EFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1537-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.30 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.30 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:748-1 Released: Fri Feb 28 17:14:02 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - python3-libxml2-2.9.14-150400.5.38.1 updated - container:sles15-ltss-image-15.4.0-2.26 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:18:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:18:57 +0100 (CET) Subject: SUSE-CU-2025:1539-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250302131857.00F2CFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1539-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.31 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.50.31 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated - container:sles15-ltss-image-15.4.0-2.26 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:18:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:18:57 +0100 (CET) Subject: SUSE-CU-2025:1540-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250302131857.99F2DFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1540-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.32 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.50.32 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:748-1 Released: Fri Feb 28 17:14:02 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.14-150400.5.38.1 updated - container:sles15-ltss-image-15.4.0-2.27 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:19:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:19:39 +0100 (CET) Subject: SUSE-CU-2025:1542-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250302131939.17975FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1542-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.14 , suse/manager/4.3/proxy-squid:4.3.14.9.59.20 , suse/manager/4.3/proxy-squid:latest Container Release : 9.59.20 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:748-1 Released: Fri Feb 28 17:14:02 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.14-150400.5.38.1 updated - container:sles15-ltss-image-15.4.0-2.27 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:22:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:22:24 +0100 (CET) Subject: SUSE-CU-2025:1547-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250302132224.8E0D0FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1547-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.86 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.86 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Sun Mar 2 13:26:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Mar 2025 14:26:12 +0100 (CET) Subject: SUSE-CU-2025:1549-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250302132612.D4A26FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1549-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.88 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.88 Severity : important Type : security References : 1214290 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libprocps8-3.3.17-150000.7.42.1 updated - procps-3.3.17-150000.7.42.1 updated From sle-container-updates at lists.suse.com Mon Mar 3 08:05:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Mar 2025 09:05:37 +0100 (CET) Subject: SUSE-CU-2025:1550-1: Recommended update of bci/kiwi Message-ID: <20250303080537.C7F10FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1550-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.6 , bci/kiwi:latest Container Release : 22.6 Severity : moderate Type : recommended References : 1228343 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:761-1 Released: Mon Mar 3 04:47:08 2025 Summary: Recommended update for qemu Type: recommended Severity: moderate References: 1228343 This update for qemu fixes the following issues: - Updated to version 8.2.9: * Target architecture updates: Fixes for ARM, s390x, RISC-V, PPC, i386, Loongarch, and OpenRISC. These include handling interrupts, memory management, and specific instruction issues. * Device emulation improvements: Updates for USB, PCI, NVMe, Virtio-net, SCSI, and the CANOKEY hardware. * Miscellaneous: Fixes for GDB stub, TCG, the cryptodev backend, and documentation. * Full changelog here: https://lore.kernel.org/qemu-devel/568115c5-8908-4931-aae0-a57bf542f68a at tls.msk.ru/ - Other bugs fixed: * Fixed issue with guests failing to boot on AMD Turin (bsc#1228343) The following package changes have been done: - qemu-pr-helper-8.2.9-150600.3.28.1 updated - qemu-img-8.2.9-150600.3.28.1 updated - qemu-tools-8.2.9-150600.3.28.1 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:10:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:10:07 +0100 (CET) Subject: SUSE-CU-2025:1556-1: Security update of bci/kiwi Message-ID: <20250304081007.B0969FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1556-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.7 , bci/kiwi:latest Container Release : 22.7 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - libgnutls30-3.8.3-150600.4.6.2 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:10:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:10:37 +0100 (CET) Subject: SUSE-CU-2025:1557-1: Security update of bci/php-apache Message-ID: <20250304081037.BFFAFFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1557-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.38 , bci/php-apache:latest Container Release : 48.38 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - libgnutls30-3.8.3-150600.4.6.2 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:11:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:11:01 +0100 (CET) Subject: SUSE-CU-2025:1558-1: Security update of bci/php-fpm Message-ID: <20250304081101.5DFF6FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1558-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.38 , bci/php-fpm:latest Container Release : 48.38 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - libgnutls30-3.8.3-150600.4.6.2 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:03:42 +0100 (CET) Subject: SUSE-CU-2025:1553-1: Security update of containers/open-webui Message-ID: <20250304080342.F234BFCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1553-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.46 Container Release : 7.46 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - opencv4-cascades-data-4.10.0-150600.1.17 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.11 updated - python311-greenlet-3.1.0-150600.1.15 updated - python311-dill-0.3.8-150600.1.14 updated - libgnutls30-3.8.3-150600.4.6.2 updated - python311-SQLAlchemy-2.0.32-150600.1.14 updated - python311-multiprocess-0.70.16-150600.1.11 updated - libarrow1700-17.0.0-150600.2.15 updated - python311-pytest-docker-3.1.1-150600.1.12 updated - python311-APScheduler-3.10.4-150600.1.13 updated - python311-alembic-1.13.2-150600.1.11 updated - libparquet1700-17.0.0-150600.2.15 updated - libarrow_acero1700-17.0.0-150600.2.15 updated - python311-fastapi-0.114.2-150600.1.12 updated - libarrow_flight1700-17.0.0-150600.2.15 updated - libarrow_dataset1700-17.0.0-150600.2.15 updated - python311-torch-2.5.0-150600.1.6 updated - python311-pyarrow-17.0.0-150600.2.27 updated - python311-fpdf2-2.7.9-150600.1.13 updated - libopencv410-4.10.0-150600.1.17 updated - python311-python-engineio-4.8.0-150600.1.12 updated - libopencv_objdetect410-4.10.0-150600.1.17 updated - libopencv_imgcodecs410-4.10.0-150600.1.17 updated - python311-python-socketio-5.11.4-150600.1.12 updated - libopencv_face410-4.10.0-150600.1.17 updated - libopencv_aruco410-4.10.0-150600.1.17 updated - libopencv_ximgproc410-4.10.0-150600.1.17 updated - python311-av-11.0.0-150600.1.13 updated - libopencv_optflow410-4.10.0-150600.1.17 updated - libopencv_highgui410-4.10.0-150600.1.17 updated - python311-datasets-3.0.1-150600.1.16 updated - python311-pydub-0.25.1-150600.1.12 updated - libopencv_gapi410-4.10.0-150600.1.17 updated - python311-colbert-ai-0.2.21-150600.1.16 updated - libopencv_videoio410-4.10.0-150600.1.17 updated - python311-opencv-4.10.0-150600.1.17 updated - python311-open-webui-0.3.32-150600.1.59 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:11:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:11:28 +0100 (CET) Subject: SUSE-CU-2025:1559-1: Security update of bci/php Message-ID: <20250304081128.DEF0FFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1559-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.33 , bci/php:latest Container Release : 48.33 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - libgnutls30-3.8.3-150600.4.6.2 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:12:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:12:50 +0100 (CET) Subject: SUSE-CU-2025:1560-1: Security update of bci/spack Message-ID: <20250304081250.B7160FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1560-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.4 , bci/spack:latest Container Release : 5.4 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - libgnutls30-3.8.3-150600.4.6.2 updated From sle-container-updates at lists.suse.com Tue Mar 4 08:12:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Mar 2025 09:12:53 +0100 (CET) Subject: SUSE-CU-2025:1561-1: Security update of bci/spack Message-ID: <20250304081253.40A7FFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1561-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-6.5 Container Release : 6.5 Severity : moderate Type : security References : 1236974 CVE-2024-12243 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - libgnutls30-3.8.3-150600.4.6.2 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:07:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:07:11 +0100 (CET) Subject: SUSE-CU-2025:1571-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080711.53783FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1571-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.36 Container Release : 62.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:07:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:07:28 +0100 (CET) Subject: SUSE-CU-2025:1572-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080728.58C27FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1572-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.36 Container Release : 62.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:07:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:07:46 +0100 (CET) Subject: SUSE-CU-2025:1573-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080746.68826FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1573-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.36 Container Release : 62.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:08:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:08:00 +0100 (CET) Subject: SUSE-CU-2025:1574-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080800.2E933FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1574-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:08:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:08:15 +0100 (CET) Subject: SUSE-CU-2025:1575-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080815.2C18CFCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1575-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:08:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:08:28 +0100 (CET) Subject: SUSE-CU-2025:1576-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080828.DD813FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1576-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Wed Mar 5 08:08:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Mar 2025 09:08:41 +0100 (CET) Subject: SUSE-CU-2025:1577-1: Recommended update of containers/apache-tomcat Message-ID: <20250305080841.4D6B6FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1577-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms The following package changes have been done: - apache-commons-daemon-1.4.0-150200.11.17.1 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:04:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:04:50 +0100 (CET) Subject: SUSE-IU-2025:690-1: Security update of suse/sle-micro/5.5 Message-ID: <20250306080450.6B352FCE4@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:690-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.254 , suse/sle-micro/5.5:latest Image Release : 5.5.254 Severity : important Type : security References : 1237641 CVE-2025-27144 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:785-1 Released: Wed Mar 5 14:05:59 2025 Summary: Security update for podman Type: security Severity: important References: 1237641,CVE-2025-27144 This update for podman fixes the following issues: - CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641) The following package changes have been done: - podman-4.9.5-150500.3.37.1 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:06:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:06:08 +0100 (CET) Subject: SUSE-IU-2025:691-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250306080608.F13F3FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:691-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.6 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 5.6 Severity : important Type : security References : 1069468 1217783 1217826 1222121 1222815 1230551 1230552 1233699 1234665 1236282 CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 222 Released: Wed Mar 5 17:01:50 2025 Summary: Security update for pcp Type: security Severity: important References: 1069468,1217783,1217826,1222121,1222815,1230551,1230552,CVE-2023-6917,CVE-2024-3019,CVE-2024-45769,CVE-2024-45770 This update for pcp fixes the following issues: - CVE-2024-45770: Fixed `pmpost` symlink attack allowing escalating `pcp` to `root` user (bsc#1230552). - CVE-2024-45769: Fixed `pmcd` heap corruption through metric pmstore operations (bsc#1230551). - CVE-2024-3019: Fixed exposure of the redis backend server allowing remote command execution via pmproxy (bsc#1222121). - CVE-2023-6917: Fixed Local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826). Other fixes: - Updated to version 6.2.0 ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - SL-Micro-release-6.0-25.3 updated - glibc-locale-base-2.38-8.1 updated - pcp-conf-6.2.0-1.1 updated - libpcp3-6.2.0-1.1 updated - libpcp_import1-6.2.0-1.1 updated - container:SL-Micro-base-container-2.1.3-5.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:06:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:06:26 +0100 (CET) Subject: SUSE-IU-2025:692-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250306080626.081DDFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:692-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.6 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.6 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - SL-Micro-release-6.0-25.3 updated - glibc-locale-base-2.38-8.1 updated - container:suse-toolbox-image-1.0.0-7.3 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:06:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:06:43 +0100 (CET) Subject: SUSE-IU-2025:693-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250306080643.E4D48FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:693-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-5.6 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 5.6 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - SL-Micro-release-6.0-25.3 updated - glibc-locale-base-2.38-8.1 updated - container:SL-Micro-base-container-2.1.3-5.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:06:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:06:54 +0100 (CET) Subject: SUSE-CU-2025:1591-1: Security update of suse/sl-micro/6.0/baremetal-iso-image Message-ID: <20250306080654.24873FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/baremetal-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1591-1 Container Tags : suse/sl-micro/6.0/baremetal-iso-image:2.1.3 , suse/sl-micro/6.0/baremetal-iso-image:2.1.3-5.6 , suse/sl-micro/6.0/baremetal-iso-image:latest Container Release : 5.6 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:SL-Micro-container-2.1.3-5.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:07:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:07:04 +0100 (CET) Subject: SUSE-CU-2025:1592-1: Security update of suse/sl-micro/6.0/base-iso-image Message-ID: <20250306080704.BE0FBFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/base-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1592-1 Container Tags : suse/sl-micro/6.0/base-iso-image:2.1.3 , suse/sl-micro/6.0/base-iso-image:2.1.3-4.6 , suse/sl-micro/6.0/base-iso-image:latest Container Release : 4.6 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:SL-Micro-base-container-2.1.3-5.6 updated - container:SL-Micro-container-2.1.3-5.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:07:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:07:15 +0100 (CET) Subject: SUSE-CU-2025:1593-1: Security update of suse/sl-micro/6.0/kvm-iso-image Message-ID: <20250306080715.F3145FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/kvm-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1593-1 Container Tags : suse/sl-micro/6.0/kvm-iso-image:2.1.3 , suse/sl-micro/6.0/kvm-iso-image:2.1.3-5.6 , suse/sl-micro/6.0/kvm-iso-image:latest Container Release : 5.6 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:SL-Micro-kvm-container-2.1.3-5.6 updated - container:SL-Micro-container-2.1.3-5.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:07:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:07:27 +0100 (CET) Subject: SUSE-CU-2025:1594-1: Security update of suse/sl-micro/6.0/rt-iso-image Message-ID: <20250306080727.2B30AFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/rt-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1594-1 Container Tags : suse/sl-micro/6.0/rt-iso-image:2.1.3 , suse/sl-micro/6.0/rt-iso-image:2.1.3-5.5 , suse/sl-micro/6.0/rt-iso-image:latest Container Release : 5.5 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:SL-Micro-rt-container-2.1.3-5.6 updated - container:SL-Micro-container-2.1.3-5.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:07:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:07:37 +0100 (CET) Subject: SUSE-IU-2025:694-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250306080737.8AAD2FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:694-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.8 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.8 Severity : important Type : security References : 1224788 1233282 CVE-2024-35195 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 28 Released: Wed Mar 5 16:01:46 2025 Summary: Security update for glib2 Type: security Severity: important References: 1224788,1233282,CVE-2024-35195,CVE-2024-52533 This update for glib2 fixes the following issues: - CVE-2024-52533: Fixed a single byte buffer overflow in set_connect_msg() (bsc#1233282) The following package changes have been done: - pam-1.6.1-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.7 updated - libglib-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_2.1 updated - glib2-tools-2.78.6-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.7 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:07:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:07:45 +0100 (CET) Subject: SUSE-IU-2025:695-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250306080745.C1249FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:695-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.7 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.7 Severity : important Type : security References : 1224788 1233282 CVE-2024-35195 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 28 Released: Wed Mar 5 16:01:46 2025 Summary: Security update for glib2 Type: security Severity: important References: 1224788,1233282,CVE-2024-35195,CVE-2024-52533 This update for glib2 fixes the following issues: - CVE-2024-52533: Fixed a single byte buffer overflow in set_connect_msg() (bsc#1233282) The following package changes have been done: - pam-1.6.1-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.7 updated - libglib-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_2.1 updated - glib2-tools-2.78.6-slfo.1.1_2.1 updated - container:suse-toolbox-image-1.0.0-4.6 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:07:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:07:55 +0100 (CET) Subject: SUSE-IU-2025:696-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250306080755.6458AFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:696-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.6 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.6 Severity : important Type : security References : 1224788 1233282 CVE-2024-35195 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 28 Released: Wed Mar 5 16:01:46 2025 Summary: Security update for glib2 Type: security Severity: important References: 1224788,1233282,CVE-2024-35195,CVE-2024-52533 This update for glib2 fixes the following issues: - CVE-2024-52533: Fixed a single byte buffer overflow in set_connect_msg() (bsc#1233282) The following package changes have been done: - pam-1.6.1-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.7 updated - libglib-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_2.1 updated - glib2-tools-2.78.6-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.7 updated From sle-container-updates at lists.suse.com Thu Mar 6 08:08:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Mar 2025 09:08:05 +0100 (CET) Subject: SUSE-IU-2025:697-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250306080805.9A25EFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:697-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.7 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.7 Severity : important Type : security References : 1224788 1233282 CVE-2024-35195 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 28 Released: Wed Mar 5 16:01:46 2025 Summary: Security update for glib2 Type: security Severity: important References: 1224788,1233282,CVE-2024-35195,CVE-2024-52533 This update for glib2 fixes the following issues: - CVE-2024-52533: Fixed a single byte buffer overflow in set_connect_msg() (bsc#1233282) The following package changes have been done: - pam-1.6.1-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.7 updated - libglib-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_2.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_2.1 updated - glib2-tools-2.78.6-slfo.1.1_2.1 updated - container:SL-Micro-container-2.2.0-4.8 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:03:42 +0100 (CET) Subject: SUSE-CU-2025:1603-1: Security update of containers/ollama Message-ID: <20250307080342.E1E1EFCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1603-1 Container Tags : containers/ollama:0.5 , containers/ollama:0.5.7 , containers/ollama:0.5.7-6.19 Container Release : 6.19 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - cuda-cccl-12-5-12.5.39-150600.2.3 updated - cuda-crt-12-5-12.5.82-150600.2.3 updated - cuda-nvvm-12-5-12.5.82-150600.2.3 updated - cuda-toolkit-12-5-config-common-12.5.82-150600.2.3 updated - cuda-toolkit-12-config-common-12.5.82-150600.2.3 updated - cuda-toolkit-config-common-12.5.82-150600.2.3 updated - libglib-2_0-0-2.78.6-150600.4.8.1 added - libcublas-12-5-12.5.3.2-150600.1.12 updated - cuda-cudart-12-5-12.5.82-150600.2.3 updated - pkg-config-0.29.2-150600.15.3.1 updated - cuda-driver-devel-12-5-12.5.82-150600.1.14 updated - ollama-nvidia-0.5.7-150600.1.6 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:07:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:07:01 +0100 (CET) Subject: SUSE-CU-2025:1605-1: Security update of bci/gcc Message-ID: <20250307080701.5CF1EFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1605-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.34 , bci/gcc:latest Container Release : 8.34 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:07:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:07:20 +0100 (CET) Subject: SUSE-CU-2025:1606-1: Security update of bci/golang Message-ID: <20250307080720.B2821FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1606-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-2.34.15 , bci/golang:oldstable , bci/golang:oldstable-2.34.15 Container Release : 34.15 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:07:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:07:21 +0100 (CET) Subject: SUSE-CU-2025:1607-1: Security update of bci/golang Message-ID: <20250307080721.60212FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1607-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.7 , bci/golang:1.23.7-2.34.16 , bci/golang:oldstable , bci/golang:oldstable-2.34.16 Container Release : 34.16 Severity : moderate Type : security References : 1229122 1238572 CVE-2025-22870 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:803-1 Released: Thu Mar 6 15:05:41 2025 Summary: Security update for go1.23 Type: security Severity: moderate References: 1229122,1238572,CVE-2025-22870 This update for go1.23 fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572) Other fixes: - Updated go version to go1.23.7 (bsc#1229122): * go#71985 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71727 runtime: usleep computes wrong tv_nsec on s390x * go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71848 os: spurious SIGCHILD on running child process * go#71875 reflect: Value.Seq panicking on functional iterator methods * go#71915 reflect: Value.Seq iteration value types not matching the type of given int types * go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement The following package changes have been done: - go1.23-doc-1.23.7-150000.1.24.1 updated - go1.23-1.23.7-150000.1.24.1 updated - go1.23-race-1.23.7-150000.1.24.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:07:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:07:43 +0100 (CET) Subject: SUSE-CU-2025:1608-1: Security update of bci/golang Message-ID: <20250307080743.21809FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1608-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.0 , bci/golang:1.24.0-1.34.15 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.15 Container Release : 34.15 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:07:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:07:43 +0100 (CET) Subject: SUSE-CU-2025:1609-1: Security update of bci/golang Message-ID: <20250307080743.C4ABFFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1609-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.1 , bci/golang:1.24.1-1.34.16 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.16 Container Release : 34.16 Severity : moderate Type : security References : 1236217 1238572 CVE-2025-22870 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:802-1 Released: Thu Mar 6 15:05:29 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1238572,CVE-2025-22870 This update for go1.24 fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572) Other fixes: - Updated go version to go1.24.1 (bsc#1236217): * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js The following package changes have been done: - go1.24-doc-1.24.1-150000.1.12.1 updated - go1.24-1.24.1-150000.1.12.1 updated - go1.24-race-1.24.1-150000.1.12.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:08:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:08:07 +0100 (CET) Subject: SUSE-CU-2025:1610-1: Security update of bci/golang Message-ID: <20250307080807.E7615FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1610-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.35 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.35 Container Release : 55.35 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:08:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:08:30 +0100 (CET) Subject: SUSE-CU-2025:1611-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250307080830.3BC7BFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1611-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.5 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.5 Severity : important Type : recommended References : 1237374 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:08:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:08:55 +0100 (CET) Subject: SUSE-CU-2025:1612-1: Security update of bci/bci-init Message-ID: <20250307080855.19CC5FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1612-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.10 , bci/bci-init:latest Container Release : 31.10 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:09:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:09:30 +0100 (CET) Subject: SUSE-CU-2025:1613-1: Recommended update of bci/kiwi Message-ID: <20250307080930.2D1A9FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1613-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.8 , bci/kiwi:latest Container Release : 22.8 Severity : important Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:09:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:09:58 +0100 (CET) Subject: SUSE-CU-2025:1616-1: Security update of suse/pcp Message-ID: <20250307080958.B7F2AFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1616-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.43 , suse/pcp:latest Container Release : 42.43 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated - container:bci-bci-init-15.6-383a8afb74d0df4c475e574e78ab9b5c01bc82f4964bedcdcdb361877d366478-0 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:10:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:10:31 +0100 (CET) Subject: SUSE-CU-2025:1617-1: Security update of bci/python Message-ID: <20250307081031.EC5CFFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1617-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.36 Container Release : 61.36 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:11:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:11:01 +0100 (CET) Subject: SUSE-CU-2025:1618-1: Security update of bci/python Message-ID: <20250307081101.39068FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1618-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-62.11 , bci/python:latest Container Release : 62.11 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:11:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:11:31 +0100 (CET) Subject: SUSE-CU-2025:1619-1: Security update of bci/python Message-ID: <20250307081131.07178FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1619-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.37 Container Release : 60.37 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:11:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:11:59 +0100 (CET) Subject: SUSE-CU-2025:1620-1: Security update of bci/ruby Message-ID: <20250307081159.98DEFFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1620-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.39 , bci/ruby:latest Container Release : 31.39 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:12:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:12:23 +0100 (CET) Subject: SUSE-CU-2025:1621-1: Security update of bci/rust Message-ID: <20250307081223.A874DFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1621-1 Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-2.2.13 , bci/rust:oldstable , bci/rust:oldstable-2.2.13 Container Release : 2.13 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:12:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:12:47 +0100 (CET) Subject: SUSE-CU-2025:1622-1: Security update of bci/rust Message-ID: <20250307081247.574C7FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1622-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.0 , bci/rust:1.84.0-1.2.13 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.13 Container Release : 2.13 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:13:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:13:48 +0100 (CET) Subject: SUSE-CU-2025:1623-1: Security update of containers/python Message-ID: <20250307081348.A96C9FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1623-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.33 Container Release : 44.33 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:13:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:13:57 +0100 (CET) Subject: SUSE-CU-2025:1624-1: Security update of containers/python Message-ID: <20250307081357.DC5C3FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1624-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.34 Container Release : 51.34 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:14:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:14:49 +0100 (CET) Subject: SUSE-CU-2025:1625-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250307081449.59199FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1625-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.10 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.10 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 7 08:15:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Mar 2025 09:15:31 +0100 (CET) Subject: SUSE-CU-2025:1626-1: Recommended update of bci/spack Message-ID: <20250307081531.62670FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1626-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.5 , bci/spack:latest Container Release : 5.5 Severity : important Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:04:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:04:03 +0100 (CET) Subject: SUSE-IU-2025:699-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250308080403.E6A5BFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:699-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.7 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.7 Severity : important Type : security References : 1215098 1215099 1215100 1215101 1215102 1215103 1230316 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 225 Released: Fri Mar 7 16:31:20 2025 Summary: Security update for pcr-oracle, shim Type: security Severity: important References: 1215098,1215099,1215100,1215101,1215102,1215103,1230316,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for pcr-oracle, shim fixes the following issues: pcr-oracle: - predict SbatLevelRT for the next boot (bsc#1230316) shim was updated to version 15.8: - Update shim-install to use the 'removable' way for encrypted SL-Micro images (bsc#1230316) * Always use the removable way for SL-Micro * Limit the removable option to encrypted SL-Micro Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The following package changes have been done: - shim-15.8-1.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:04:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:04:44 +0100 (CET) Subject: SUSE-IU-2025:701-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250308080444.32C09FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:701-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-6.6 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 6.6 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - SL-Micro-release-6.0-25.3 updated - glibc-locale-base-2.38-8.1 updated - container:SL-Micro-container-2.1.3-5.7 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:05:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:05:42 +0100 (CET) Subject: SUSE-IU-2025:702-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250308080542.2AB27FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:702-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.9 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.9 Severity : moderate Type : security References : 1215628 1219823 1219826 1221164 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236136 1236282 CVE-2023-50387 CVE-2023-50868 CVE-2024-13176 CVE-2024-1931 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-33655 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 31 Released: Fri Mar 7 17:28:37 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1215628,1219823,1219826,1221164,1236136,CVE-2023-50387,CVE-2023-50868,CVE-2024-13176,CVE-2024-1931,CVE-2024-33655 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation(bsc#1236136). ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.8 updated - glibc-locale-base-2.38-slfo.1.1_3.1 updated - pcp-conf-6.2.0-slfo.1.1_3.1 updated - libpcp3-6.2.0-slfo.1.1_3.1 updated - libpcp_import1-6.2.0-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.0-4.8 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:05:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:05:51 +0100 (CET) Subject: SUSE-IU-2025:703-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250308080551.10E3BFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:703-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.8 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.8 Severity : moderate Type : security References : 1215628 1219823 1219826 1221164 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236136 1236282 CVE-2023-50387 CVE-2023-50868 CVE-2024-13176 CVE-2024-1931 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-33655 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 31 Released: Fri Mar 7 17:28:37 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1215628,1219823,1219826,1221164,1236136,CVE-2023-50387,CVE-2023-50868,CVE-2024-13176,CVE-2024-1931,CVE-2024-33655 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation(bsc#1236136). ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.8 updated - openssl-3-3.1.4-slfo.1.1_4.1 updated - glibc-locale-base-2.38-slfo.1.1_3.1 updated - container:suse-toolbox-image-1.0.0-4.7 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:06:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:06:01 +0100 (CET) Subject: SUSE-IU-2025:704-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250308080601.97B68FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:704-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.7 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.7 Severity : moderate Type : security References : 1215628 1219823 1219826 1221164 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236136 1236282 CVE-2023-50387 CVE-2023-50868 CVE-2024-13176 CVE-2024-1931 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-33655 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 31 Released: Fri Mar 7 17:28:37 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1215628,1219823,1219826,1221164,1236136,CVE-2023-50387,CVE-2023-50868,CVE-2024-13176,CVE-2024-1931,CVE-2024-33655 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation(bsc#1236136). ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.8 updated - glibc-locale-base-2.38-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.0-4.8 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:06:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:06:12 +0100 (CET) Subject: SUSE-IU-2025:705-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250308080612.83D06FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:705-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.8 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.8 Severity : moderate Type : security References : 1215628 1219823 1219826 1221164 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236136 1236282 CVE-2023-50387 CVE-2023-50868 CVE-2024-13176 CVE-2024-1931 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-33655 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 31 Released: Fri Mar 7 17:28:37 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1215628,1219823,1219826,1221164,1236136,CVE-2023-50387,CVE-2023-50868,CVE-2024-13176,CVE-2024-1931,CVE-2024-33655 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation(bsc#1236136). ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.8 updated - glibc-locale-base-2.38-slfo.1.1_3.1 updated - container:SL-Micro-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:06:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:06:20 +0100 (CET) Subject: SUSE-CU-2025:1631-1: Security update of suse/sl-micro/6.1/baremetal-iso-image Message-ID: <20250308080620.8A9EAFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/baremetal-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1631-1 Container Tags : suse/sl-micro/6.1/baremetal-iso-image:2.2.0 , suse/sl-micro/6.1/baremetal-iso-image:2.2.0-4.8 , suse/sl-micro/6.1/baremetal-iso-image:latest Container Release : 4.8 Severity : moderate Type : security References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236282 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - container:SL-Micro-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:06:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:06:27 +0100 (CET) Subject: SUSE-CU-2025:1632-1: Security update of suse/sl-micro/6.1/base-iso-image Message-ID: <20250308080627.E1950FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/base-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1632-1 Container Tags : suse/sl-micro/6.1/base-iso-image:2.2.0 , suse/sl-micro/6.1/base-iso-image:2.2.0-4.8 , suse/sl-micro/6.1/base-iso-image:latest Container Release : 4.8 Severity : moderate Type : security References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236282 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.0-4.9 updated - container:SL-Micro-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:06:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:06:35 +0100 (CET) Subject: SUSE-CU-2025:1633-1: Security update of suse/sl-micro/6.1/kvm-iso-image Message-ID: <20250308080635.7A7D7FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/kvm-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1633-1 Container Tags : suse/sl-micro/6.1/kvm-iso-image:2.2.0 , suse/sl-micro/6.1/kvm-iso-image:2.2.0-4.8 , suse/sl-micro/6.1/kvm-iso-image:latest Container Release : 4.8 Severity : moderate Type : security References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236282 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - container:SL-Micro-kvm-container-2.2.0-4.9 updated - container:SL-Micro-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:06:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:06:43 +0100 (CET) Subject: SUSE-CU-2025:1634-1: Security update of suse/sl-micro/6.1/rt-iso-image Message-ID: <20250308080643.34B0DFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/rt-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1634-1 Container Tags : suse/sl-micro/6.1/rt-iso-image:2.2.0 , suse/sl-micro/6.1/rt-iso-image:2.2.0-4.8 , suse/sl-micro/6.1/rt-iso-image:latest Container Release : 4.8 Severity : moderate Type : security References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 1236282 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Fri Mar 7 18:05:51 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,1236282,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). The following package changes have been done: - glibc-2.38-slfo.1.1_3.1 updated - container:SL-Micro-rt-container-2.2.0-4.9 updated - container:SL-Micro-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:10:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:10:01 +0100 (CET) Subject: SUSE-CU-2025:1637-1: Recommended update of bci/rust Message-ID: <20250308081001.1BFEEFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1637-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.0 , bci/rust:1.84.0-2.2.1 , bci/rust:oldstable , bci/rust:oldstable-2.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:474-1 Released: Wed Feb 12 15:00:12 2025 Summary: Recommended update for rust Type: recommended Severity: moderate References: This update for rust fixes the following issues: - Update to version 1.84.0 - for details see the rust1.84 package Version 1.84.0 (2025-01-09) ========================== Language -------- - Allow `#[deny]` inside `#[forbid]` as a no-op - Show a warning when `-Ctarget-feature` is used to toggle features that can lead to unsoundness due to ABI mismatches - Use the next-generation trait solver in coherence - Allow coercions to drop the principal of trait objects - Support `/` as the path separator for `include!()` in all cases on Windows - Taking a raw ref (`raw (const|mut)`) of a deref of a pointer (`*ptr`) is now safe - Stabilize s390x inline assembly - Stabilize Arm64EC inline assembly - Lint against creating pointers to immediately dropped temporaries - Execute drop glue when unwinding in an `extern 'C'` function Compiler -------- - Add `--print host-tuple` flag to print the host target tuple and affirm the 'target tuple' terminology over 'target triple' - Declaring functions with a calling convention not supported on the current target now triggers a hard error - Set up indirect access to external data for `loongarch64-unknown-linux-{musl,ohos}` - Enable XRay instrumentation for LoongArch Linux targets - Extend the `unexpected_cfgs` lint to also warn in external macros - Stabilize WebAssembly `multivalue`, `reference-types`, and `tail-call` target features - Added Tier 2 support for the `wasm32v1-none` target Libraries --------- - Implement `From<&mut {slice}>` for `Box/Rc/Arc<{slice}>` - Move `::copysign`, `::abs`, `::signum` to `core` - Add `LowerExp` and `UpperExp` implementations to `NonZero` - Implement `FromStr` for `CString` and `TryFrom` for `String` - `std::os::darwin` has been made public Stabilized APIs --------------- - `Ipv6Addr::is_unique_local` https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unique_local - `Ipv6Addr::is_unicast_link_local` https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unicast_link_local - `core::ptr::with_exposed_provenance` https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance.html - `core::ptr::with_exposed_provenance_mut` https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance_mut.html - `::addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.addr - `::expose_provenance` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.expose_provenance - `::with_addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.with_addr - `::map_addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.map_addr - `::isqrt` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.isqrt - `::checked_isqrt` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.checked_isqrt - `::isqrt` https://doc.rust-lang.org/stable/core/primitive.u32.html#method.isqrt - `NonZero::isqrt` https://doc.rust-lang.org/stable/core/num/struct.NonZero.html#impl-NonZero%3Cu128%3E/method.isqrt - `core::ptr::without_provenance` https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance.html - `core::ptr::without_provenance_mut` https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance_mut.html - `core::ptr::dangling` https://doc.rust-lang.org/stable/core/ptr/fn.dangling.html - `core::ptr::dangling_mut` https://doc.rust-lang.org/stable/core/ptr/fn.dangling_mut.html - `Pin::as_deref_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.as_deref_mut - `AtomicBool::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicBool.html#method.from_ptr - `AtomicPtr::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicPtr.html#method.from_ptr - `AtomicU8::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU8.html#method.from_ptr - `AtomicU16::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU16.html#method.from_ptr - `AtomicU32::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU32.html#method.from_ptr - `AtomicU64::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU64.html#method.from_ptr - `AtomicUsize::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicUsize.html#method.from_ptr - `AtomicI8::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI8.html#method.from_ptr - `AtomicI16::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI16.html#method.from_ptr - `AtomicI32::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI32.html#method.from_ptr - `AtomicI64::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI64.html#method.from_ptr - `AtomicIsize::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicIsize.html#method.from_ptr - `::is_null` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_null-1 - `::as_ref` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_ref-1 - `::as_mut` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_mut - `Pin::new` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new - `Pin::new_unchecked` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new_unchecked - `Pin::get_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_ref - `Pin::into_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.into_ref - `Pin::get_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_mut - `Pin::get_unchecked_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_unchecked_mut - `Pin::static_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_ref - `Pin::static_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_mut Cargo ----- - Stabilize MSRV-aware resolver config - Stabilize resolver v3 Rustdoc ------- - rustdoc-search: improve type-driven search Compatibility Notes ------------------- - Enable by default the `LSX` target feature for LoongArch Linux targets - The unstable `-Zprofile` flag (???gcov-style??? coverage instrumentation) has been removed. This does not affect the stable flags for coverage instrumentation (`-Cinstrument-coverage`) and profile-guided optimization (`-Cprofile-generate`, `-Cprofile-use`), which are unrelated and remain available. - Support for the target named `wasm32-wasi` has been removed as the target is now named `wasm32-wasip1`. This completes the transition plan for this target following the introduction of `wasm32-wasip1` in Rust 1.78. Compiler warnings on use of `wasm32-wasi` introduced in Rust 1.81 are now gone as well as the target is removed. - The syntax `&pin (mut|const) T` is now parsed as a type which in theory could affect macro expansion results in some edge cases - Legacy syntax for calling `std::arch` functions is no longer permitted to declare items or bodies (such as closures, inline consts, or async blocks). - Declaring functions with a calling convention not supported on the current target now triggers a hard error - The next-generation trait solver is now enabled for coherence, fixing multiple soundness issues The following package changes have been done: - rust1.84-1.84.0-150300.7.4.3 added - cargo1.84-1.84.0-150300.7.4.3 added - cargo1.83-1.83.0-150300.7.4.1 removed - rust1.83-1.83.0-150300.7.4.1 removed From sle-container-updates at lists.suse.com Sat Mar 8 08:10:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:10:27 +0100 (CET) Subject: SUSE-CU-2025:1638-1: Recommended update of bci/rust Message-ID: <20250308081027.97FCCFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1638-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.0 , bci/rust:1.85.0-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:773-1 Released: Tue Mar 4 08:48:41 2025 Summary: Recommended update for rust, rust1.85 Type: recommended Severity: moderate References: This update for rust, rust1.85 fixes the following issues: Rust Version 1.85.0 (2025-02-20) ========================== Language -------- - The 2024 Edition is now stable. See the edition guide https://doc.rust-lang.org/nightly/edition-guide/rust-2024/index.html for more details. - Stabilize async closures See RFC 3668 https://rust-lang.github.io/rfcs/3668-async-closures.html for more details. - Stabilize `#[diagnostic::do_not_recommend]` - Add `unpredictable_function_pointer_comparisons` lint to warn against function pointer comparisons - Lint on combining `#[no_mangle]` and `#[export_name]` attributes. Compiler -------- - The unstable flag `-Zpolymorphize` has been removed, see https://github.com/rust-lang/compiler-team/issues/810 for some background. Platform Support ---------------- - Promote `powerpc64le-unknown-linux-musl` to tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Panics in the standard library now have a leading `library/` in their path - `std::env::home_dir()` on Windows now ignores the non-standard `$HOME` environment variable It will be un-deprecated in a subsequent release. - Add `AsyncFn*` to the prelude in all editions. Stabilized APIs --------------- - `BuildHasherDefault::new` https://doc.rust-lang.org/stable/std/hash/struct.BuildHasherDefault.html#method.new - `ptr::fn_addr_eq` https://doc.rust-lang.org/std/ptr/fn.fn_addr_eq.html - `io::ErrorKind::QuotaExceeded` https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.QuotaExceeded - `io::ErrorKind::CrossesDevices` https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.CrossesDevices - `{float}::midpoint` https://doc.rust-lang.org/core/primitive.f32.html#method.midpoint - Unsigned `{integer}::midpoint` https://doc.rust-lang.org/std/primitive.u64.html#method.midpoint - `NonZeroU*::midpoint` https://doc.rust-lang.org/std/num/type.NonZeroU32.html#method.midpoint - impl `std::iter::Extend` for tuples with arity 1 through 12 https://doc.rust-lang.org/stable/std/iter/trait.Extend.html#impl-Extend%3C(A,)%3E-for-(EA,) - `FromIterator<(A, ...)>` for tuples with arity 1 through 12 https://doc.rust-lang.org/stable/std/iter/trait.FromIterator.html#impl-FromIterator%3C(EA,)%3E-for-(A,) - `std::task::Waker::noop` https://doc.rust-lang.org/stable/std/task/struct.Waker.html#method.noop These APIs are now stable in const contexts: - `mem::size_of_val` https://doc.rust-lang.org/stable/std/mem/fn.size_of_val.html - `mem::align_of_val` https://doc.rust-lang.org/stable/std/mem/fn.align_of_val.html - `Layout::for_value` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.for_value - `Layout::align_to` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.align_to - `Layout::pad_to_align` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.pad_to_align - `Layout::extend` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.extend - `Layout::array` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.array - `std::mem::swap` https://doc.rust-lang.org/stable/std/mem/fn.swap.html - `std::ptr::swap` https://doc.rust-lang.org/stable/std/ptr/fn.swap.html - `NonNull::new` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.new - `HashMap::with_hasher` https://doc.rust-lang.org/stable/std/collections/struct.HashMap.html#method.with_hasher - `HashSet::with_hasher` https://doc.rust-lang.org/stable/std/collections/struct.HashSet.html#method.with_hasher - `BuildHasherDefault::new` https://doc.rust-lang.org/stable/std/hash/struct.BuildHasherDefault.html#method.new - `::recip` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.recip - `::to_degrees` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.to_degrees - `::to_radians` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.to_radians - `::max` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.max - `::min` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.min - `::clamp` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.clamp - `::abs` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.abs - `::signum` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.signum - `::copysign` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.copysign - `MaybeUninit::write` https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.write Cargo ----- - Add future-incompatibility warning against keywords in cfgs and add raw-idents - Stabilize higher precedence trailing flags - Pass `CARGO_CFG_FEATURE` to build scripts Rustdoc ----- - Doc comment on impl blocks shows the first line, even when the impl block is collapsed Compatibility Notes ------------------- - `rustc` no longer treats the `test` cfg as a well known check-cfg, instead it is up to the build systems and users of `--check-cfg`[^check-cfg] to set it as a well known cfg using `--check-cfg=cfg(test)`. his is done to enable build systems like Cargo to set it conditionally, as not all source files are suitable for unit tests. Cargo (for now) unconditionally sets the `test` cfg as a well known cfg ^check-cfg]: https://doc.rust-lang.org/nightly/rustc/check-cfg.html - Disable potentially incorrect type inference if there are trivial and non-trivial where-clauses - `std::env::home_dir()` has been deprecated for years, because it can give surprising results in some Windows configurations if the `HOME` environment variable is set (which is not the normal configuration on Windows). We had previously avoided changing its behavior, out of concern for compatibility with code depending on this non-standard configuration. Given how long this function has been deprecated, we're now fixing its behavior as a bugfix. A subsequent release will remove the deprecation for this function. - Make `core::ffi::c_char` signedness more closely match that of the platform-default `char` This changed `c_char` from an `i8` to `u8` or vice versa on many Tier 2 and 3 targets (mostly Arm and RISC-V embedded targets). The new definition may result in compilation failures but fixes compatibility issues with C. The `libc` crate matches this change as of its 0.2.169 release. - When compiling a nested `macro_rules` macro from an external crate, the content of the inner `macro_rules` is now built with the edition of the external crate, not the local crate. - Increase `sparcv9-sun-solaris` and `x86_64-pc-solaris` Solaris baseline to 11.4. - Show `abi_unsupported_vector_types` lint in future breakage reports - Error if multiple super-trait instantiations of `dyn Trait` need associated types to be specified but only one is provided - Change `powerpc64-ibm-aix` default `codemodel` to large Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - Build `x86_64-unknown-linux-gnu` with LTO for C/C++ code (e.g., `jemalloc`) The following package changes have been done: - rust1.85-1.85.0-150300.7.3.1 added - cargo1.85-1.85.0-150300.7.3.1 added - cargo1.84-1.84.0-150300.7.4.3 removed - rust1.84-1.84.0-150300.7.4.3 removed From sle-container-updates at lists.suse.com Sat Mar 8 08:11:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:11:55 +0100 (CET) Subject: SUSE-CU-2025:1626-1: Recommended update of bci/spack Message-ID: <20250308081155.730D4FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1626-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.5 , bci/spack:latest Container Release : 5.5 Severity : important Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:11:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:11:58 +0100 (CET) Subject: SUSE-CU-2025:1639-1: Security update of bci/python Message-ID: <20250308081158.946F1FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1639-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-4.44 Container Release : 4.44 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:12:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:12:01 +0100 (CET) Subject: SUSE-CU-2025:1640-1: Security update of bci/ruby Message-ID: <20250308081201.18F53FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1640-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-3.10 Container Release : 3.10 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:12:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:12:05 +0100 (CET) Subject: SUSE-CU-2025:1641-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250308081205.A07EEFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1641-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.38 Container Release : 4.38 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - kernel-macros-6.4.0-150700.45.1 updated - pkg-config-0.29.2-150600.15.3.1 updated - kernel-devel-6.4.0-150700.45.1 updated - kernel-default-devel-6.4.0-150700.45.1 updated - kernel-syms-6.4.0-150700.45.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:12:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:12:08 +0100 (CET) Subject: SUSE-CU-2025:1642-1: Recommended update of bci/spack Message-ID: <20250308081208.9E344FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1642-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-6.7 Container Release : 6.7 Severity : important Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - pkg-config-0.29.2-150600.15.3.1 updated From sle-container-updates at lists.suse.com Sat Mar 8 08:13:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Mar 2025 09:13:39 +0100 (CET) Subject: SUSE-CU-2025:1646-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250308081339.C9998FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1646-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.1 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.1 Severity : important Type : recommended References : 1027642 1212161 1212161 1213437 1213437 1216553 1216553 1216744 1216744 1216946 1216946 1216968 1216968 1219450 1219450 1219935 1219935 1219978 1219978 1220494 1220494 1220902 1220902 1221219 1221219 1222820 1222820 1225287 1225287 1226958 1226958 1227118 1227118 1227374 1227374 1227578 1227578 1227644 1227644 1227660 1227660 1227759 1227759 1227827 1227827 1227852 1227852 1227882 1227882 1228182 1228182 1228232 1228232 1228856 1228856 1228956 1228956 1229000 1229000 1229286 1229286 1229437 1229437 1229848 1229848 1230255 1230255 1230585 1230585 1230745 1230745 1231053 1231053 1231404 1231404 1231430 1231430 1232042 1232042 1232530 1232530 1232713 1232713 1233258 1233258 1233400 1233400 1233431 1233431 1233450 1233450 1233595 1233595 1233724 1233724 1233761 1233761 1233884 1233884 1234033 1234033 1234202 1234202 1234226 1234226 1234233 1234233 1234251 1234251 1234441 1234441 1234994 1234994 1235145 1235145 1235696 1235696 1235970 1235970 1236212 1236212 1236234 1236234 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:792-1 Released: Thu Mar 6 06:35:21 2025 Summary: Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Type: recommended Severity: moderate References: 1212161,1213437,1216553,1216744,1216946,1216968,1219450,1219935,1219978,1220494,1220902,1221219,1222820,1225287,1226958,1227118,1227374,1227578,1227644,1227660,1227759,1227827,1227852,1227882,1228182,1228232,1228856,1228956,1229000,1229286,1229437,1229848,1230255,1230585,1230745,1231053,1231404,1231430,1232042,1232530,1232713,1233258,1233400,1233431,1233450,1233595,1233724,1233761,1233884,1234033,1234202,1234226,1234233,1234251,1234441,1234994,1235145,1235696,1235970,1236212,1236234 Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:793-1 Released: Thu Mar 6 06:36:02 2025 Summary: Maintenance update for Multi-Linux Manager 4.3 Release Notes Type: recommended Severity: important References: 1027642,1212161,1213437,1216553,1216744,1216946,1216968,1219450,1219935,1219978,1220494,1220902,1221219,1222820,1225287,1226958,1227118,1227374,1227578,1227644,1227660,1227759,1227827,1227852,1227882,1228182,1228232,1228856,1228956,1229000,1229286,1229437,1229848,1230255,1230585,1230745,1231053,1231404,1231430,1232042,1232530,1232713,1233258,1233400,1233431,1233450,1233595,1233724,1233761,1233884,1234033,1234202,1234226,1234233,1234251,1234441,1234994,1235145,1235696,1235970,1236212,1236234 Maintenance update for Multi-Linux Manager 4.3 Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.15-150400.3.93.2 updated - spacewalk-backend-4.3.31-150400.3.50.2 updated - python3-spacewalk-client-tools-4.3.22-150400.3.36.2 updated - spacewalk-client-tools-4.3.22-150400.3.36.2 updated - spacewalk-proxy-package-manager-4.3.20-150400.3.32.2 updated - spacewalk-proxy-common-4.3.20-150400.3.32.2 updated - spacewalk-proxy-broker-4.3.20-150400.3.32.2 updated - spacewalk-proxy-redirect-4.3.20-150400.3.32.2 updated From sle-container-updates at lists.suse.com Mon Mar 10 15:29:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Mar 2025 16:29:25 +0100 (CET) Subject: SUSE-CU-2025:1653-1: Security update of bci/bci-init Message-ID: <20250310152925.12449FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1653-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.50 Container Release : 3.50 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - libopenssl3-3.2.3-150700.3.10 updated - libgcrypt20-1.11.0-150700.2.16 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - sles-release-15.7-150700.21.5 updated - pkg-config-0.29.2-150600.15.3.1 updated - container:sles15-image-15.7.0-4.2.31 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:04:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:04:48 +0100 (CET) Subject: SUSE-IU-2025:718-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250311080448.2B701FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:718-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.150 , suse/sle-micro/base-5.5:latest Image Release : 5.8.150 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:05:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:05:23 +0100 (CET) Subject: SUSE-IU-2025:719-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250311080523.CEE18FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:719-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.288 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.288 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.150 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:06:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:06:14 +0100 (CET) Subject: SUSE-IU-2025:720-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250311080614.812BCFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:720-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.335 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.335 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.256 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:07:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:07:04 +0100 (CET) Subject: SUSE-IU-2025:721-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250311080704.E010AFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:721-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.256 , suse/sle-micro/5.5:latest Image Release : 5.5.256 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.150 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:13:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:13:34 +0100 (CET) Subject: SUSE-IU-2025:722-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250311081334.9DCCFFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:722-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.8 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 5.8 Severity : moderate Type : recommended References : 1223596 1228216 1230145 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 229 Released: Mon Mar 10 14:39:19 2025 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596,1230145 This update for e2fsprogs fixes the following issues: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145) - EA Inode handling fixes * e2fsck: Add more checks for EA inode consistency (bsc#1223596) * e2fsck: Fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: 227 Released: Mon Mar 10 14:39:19 2025 Summary: Recommended update for strace Type: recommended Severity: moderate References: 1228216 This update for strace fixes the following issues: - Change the license to the correct LGPL-2.1-or-later (bsc#1228216). The following package changes have been done: - SL-Micro-release-6.0-25.4 updated - libcom_err2-1.47.0-3.1 updated - libext2fs2-1.47.0-3.1 updated - e2fsprogs-1.47.0-3.1 updated - strace-6.7-2.1 updated - container:SL-Micro-base-container-2.1.3-5.8 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:13:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:13:55 +0100 (CET) Subject: SUSE-IU-2025:723-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250311081355.E872EFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:723-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.8 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.8 Severity : moderate Type : recommended References : 1223596 1230145 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 229 Released: Mon Mar 10 14:39:19 2025 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596,1230145 This update for e2fsprogs fixes the following issues: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145) - EA Inode handling fixes * e2fsck: Add more checks for EA inode consistency (bsc#1223596) * e2fsck: Fix golden output of several tests (bsc#1223596) The following package changes have been done: - SL-Micro-release-6.0-25.4 updated - libcom_err2-1.47.0-3.1 updated - libext2fs2-1.47.0-3.1 updated - e2fsprogs-1.47.0-3.1 updated - container:suse-toolbox-image-1.0.0-7.4 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:14:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:14:18 +0100 (CET) Subject: SUSE-IU-2025:724-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250311081418.E4F17FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:724-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-5.8 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 5.8 Severity : moderate Type : recommended References : 1223596 1230145 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 229 Released: Mon Mar 10 14:39:19 2025 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596,1230145 This update for e2fsprogs fixes the following issues: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145) - EA Inode handling fixes * e2fsck: Add more checks for EA inode consistency (bsc#1223596) * e2fsck: Fix golden output of several tests (bsc#1223596) The following package changes have been done: - SL-Micro-release-6.0-25.4 updated - libcom_err2-1.47.0-3.1 updated - libext2fs2-1.47.0-3.1 updated - e2fsprogs-1.47.0-3.1 updated - container:SL-Micro-base-container-2.1.3-5.8 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:14:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:14:44 +0100 (CET) Subject: SUSE-IU-2025:725-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250311081444.1B3B3FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:725-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-6.7 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 6.7 Severity : moderate Type : recommended References : 1223596 1230145 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 229 Released: Mon Mar 10 14:39:19 2025 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596,1230145 This update for e2fsprogs fixes the following issues: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145) - EA Inode handling fixes * e2fsck: Add more checks for EA inode consistency (bsc#1223596) * e2fsck: Fix golden output of several tests (bsc#1223596) The following package changes have been done: - SL-Micro-release-6.0-25.4 updated - libcom_err2-1.47.0-3.1 updated - libext2fs2-1.47.0-3.1 updated - e2fsprogs-1.47.0-3.1 updated - container:SL-Micro-container-2.1.3-5.8 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:16:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:16:42 +0100 (CET) Subject: SUSE-CU-2025:1671-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250311081642.C7E01FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1671-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.51 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.51 , suse/ltss/sle15.3/sle15:latest Container Release : 2.51 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:822-1 Released: Mon Mar 10 16:33:34 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). The following package changes have been done: - krb5-1.19.2-150300.22.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:19:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:19:39 +0100 (CET) Subject: SUSE-CU-2025:1672-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250311081939.EFCC6FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1672-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.6 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 08:25:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 09:25:13 +0100 (CET) Subject: SUSE-CU-2025:1677-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250311082513.31DF5FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1677-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.91 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.91 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:822-1 Released: Mon Mar 10 16:33:34 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). The following package changes have been done: - krb5-1.19.2-150300.22.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:55:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:55:36 +0100 (CET) Subject: SUSE-CU-2025:1678-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165536.6611CFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1678-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:55:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:55:54 +0100 (CET) Subject: SUSE-CU-2025:1679-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165554.D6DE9FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1679-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:56:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:56:14 +0100 (CET) Subject: SUSE-CU-2025:1680-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165614.0CC5BFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1680-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.37 Container Release : 62.37 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:56:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:56:32 +0100 (CET) Subject: SUSE-CU-2025:1681-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165632.4FF0EFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1681-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.38 Container Release : 62.38 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:56:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:56:51 +0100 (CET) Subject: SUSE-CU-2025:1682-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165651.018E8FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1682-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.38 Container Release : 62.38 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:57:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:57:07 +0100 (CET) Subject: SUSE-CU-2025:1683-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165707.AB640FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1683-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.38 Container Release : 62.38 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Tue Mar 11 16:57:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Mar 2025 17:57:21 +0100 (CET) Subject: SUSE-CU-2025:1684-1: Recommended update of containers/apache-tomcat Message-ID: <20250311165721.4C611FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1684-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.38 Container Release : 62.38 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:02:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:02:48 +0100 (CET) Subject: SUSE-CU-2025:1686-1: Recommended update of containers/milvus Message-ID: <20250312080248.A5F0BFF1F@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1686-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.59 Container Release : 7.59 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - boost-license1_86_0-1.86.0-150600.1.8 updated - timezone-2025a-150600.91.3.1 updated - libboost_program_options1_86_0-1.86.0-150600.1.8 updated - libboost_filesystem1_86_0-1.86.0-150600.1.8 updated - libboost_context1_86_0-1.86.0-150600.1.8 updated - libprotobuf25_5_0-25.5-150600.2.40 updated - libthrift-0_17_0-0.17.0-150600.1.13 updated - libfolly0-2023.10.30.00-150600.1.11 updated - libarrow1700-17.0.0-150600.2.18 updated - libparquet1700-17.0.0-150600.2.18 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.11 updated - milvus-cppcpu-2.4.6-150600.1.21 updated - milvus-2.4.6-150600.1.25 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:03:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:03:46 +0100 (CET) Subject: SUSE-CU-2025:1688-1: Recommended update of containers/open-webui Message-ID: <20250312080346.47F37FF21@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1688-1 Container Tags : containers/open-webui:0.5 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-8.9 Container Release : 8.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:03:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:03:45 +0100 (CET) Subject: SUSE-CU-2025:1687-1: Recommended update of containers/open-webui Message-ID: <20250312080345.7FD08FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1687-1 Container Tags : containers/open-webui:0.5 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-8.8 Container Release : 8.8 Severity : important Type : recommended References : 1237374 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - python311-rank-bm25-0.2.2-150600.1.11 updated - libcrc32c1-1.1.2-150400.9.3.1 added - libgeos3_12_2-3.12.2-150600.1.10 added - libgflags2_2-2.2.2-150600.1.10 updated - libtbb12-2021.13.0-150600.1.10 updated - libthrift-0_17_0-0.17.0-150600.1.13 updated - opencv4-cascades-data-4.11.0-150600.1.3 updated - pkg-config-0.29.2-150600.15.3.1 updated - libprotobuf25_5_0-25.5-150600.2.40 updated - libgeos_c1-3.12.2-150600.1.10 added - libglog-4-0-0.4.0-150600.1.10 updated - python311-xlrd-2.0.1-150600.1.11 updated - python311-wrapt-1.16.0-150600.1.11 updated - python311-websockets-13.1-150600.1.2 added - python311-validators-0.34.0-150600.1.11 updated - python311-uritemplate-4.1.1-150600.1.9 updated - python311-tzdata-2024.1-150600.1.10 updated - python311-typing_extensions-4.12.2-150600.1.10 updated - python311-tqdm-4.66.4-150600.1.11 updated - python311-threadpoolctl-3.5.0-150600.1.10 updated - python311-tenacity-9.0.0-150600.1.9 updated - python311-sniffio-1.3.1-150600.1.11 updated - python311-six-1.16.0-150600.1.11 updated - python311-setuptools-72.1.0-150600.1.9 updated - python311-safetensors-0.4.3-150600.1.15 updated - python311-regex-2024.5.15-150600.1.12 updated - python311-red-black-tree-mod-1.22-150600.1.11 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.15 updated - python311-pyxlsb-1.0.10-150600.1.11 updated - python311-pytube-15.0.0-150600.1.11 updated - python311-python-multipart-0.0.20-150600.1.2 updated - python311-python-iso639-2024.4.27-150600.1.10 updated - python311-pypdf-4.3.1-150600.1.11 updated - python311-pymongo-4.6.3-150600.1.12 updated - python311-pyclipper-1.3.0.post5-150600.1.11 added - python311-psycopg2-2.9.9-150600.1.17 updated - python311-protobuf-4.25.5-150600.2.40 updated - python311-propcache-0.2.0-150600.1.2 added - python311-primp-0.6.3-150600.1.15 updated - python311-peewee-3.17.8-150600.1.2 updated - python311-packaging-24.1-150600.1.9 updated - python311-overrides-7.7.0-150600.1.11 updated - python311-orjson-3.10.7-150600.1.19 updated - python311-onnxruntime-1.19.2-150600.1.11 updated - python311-olefile-0.47-150600.1.11 updated - python311-nest-asyncio-1.6.0-150600.1.10 updated - python311-monotonic-1.6-150600.1.9 updated - python311-mmh3-4.1.0-150600.1.14 updated - python311-langsmith-0.1.52-150600.1.20 updated - python311-langfuse-2.44.0-150600.1.10 updated - python311-jsonpath-python-1.0.6-150600.1.11 updated - python311-jiter-0.5.0-150600.1.14 updated - python311-jdcal-1.4.1-150600.1.10 updated - python311-importlib-resources-6.1.1-150600.1.12 updated - python311-idna-3.8-150600.1.10 updated - python311-hyperframe-6.0.1-150400.8.3.9 added - python311-hpack-4.0.0-150400.8.3.9 added - python311-greenlet-3.1.0-150600.1.16 updated - python311-google-crc32c-1.5.0-150400.9.3.1 added - python311-filetype-1.2.0-150600.1.9 updated - python311-emoji-2.13.2-150600.1.11 updated - python311-einops-0.8.0-150600.1.10 updated - python311-ebcdic-1.1.1-150600.1.12 updated - python311-easygui-0.98.3-150600.1.9 updated - python311-docx2txt-0.8-150600.1.11 updated - python311-django-cache-url-3.4.5-150600.1.17 updated - python311-dj-email-url-1.0.6-150600.1.9 updated - python311-distro-1.9.0-150600.1.11 updated - python311-dill-0.3.8-150600.1.15 updated - python311-defusedxml-0.7.1-150600.1.11 updated - python311-compressed_rtf-1.0.6-150600.1.10 updated - python311-colorclass-2.2.2-150600.1.10 updated - python311-click-8.1.7-150600.1.11 updated - python311-charset-normalizer-3.3.2-150600.1.11 updated - python311-certifi-2024.7.4-150600.1.24 updated - python311-cchardet-2.1.19-150600.1.21 updated - python311-bitarray-2.9.2-150600.1.11 updated - python311-bcrypt-4.2.0-150600.1.14 updated - python311-backoff-2.2.1-150600.1.12 updated - python311-async_timeout-4.0.3-150600.1.2 updated - python311-appdirs-1.4.4-150600.1.9 updated - python311-annotated-types-0.7.0-150600.1.10 updated - python311-aiohappyeyeballs-2.3.7-150600.1.10 updated - python311-aiofiles-24.1.0-150600.1.2 added - python311-XlsxWriter-3.2.0-150600.1.10 updated - python311-Pygments-2.19.1-150600.1.1 updated - python311-PyYAML-6.0.1-150600.1.11 updated - python311-PyPika-0.48.9-150600.1.11 updated - python311-Events-0.5-150600.1.1 added - python311-pypandoc-1.14-150600.1.13 updated - python311-importlib-metadata-7.1.0-150600.1.11 updated - python311-ftfy-6.3.1-150600.1.2 updated - python311-pydantic-core-2.27.2-150600.1.13 updated - python311-asgiref-3.8.1-150600.1.10 updated - python311-lark-1.1.9-150600.1.11 updated - python311-cffi-1.17.0-150600.1.11 updated - python311-ldap3-2.9.1-150600.1.2 added - python311-proto-plus-1.24.0-150600.1.15 updated - python311-opentelemetry-proto-1.27.0-150600.1.14 updated - python311-Pillow-10.4.0-150600.1.13 updated - python311-typing-inspect-0.9.0-150600.1.11 updated - python311-jsonpatch-1.33-150600.1.10 updated - python311-fake-useragent-1.5.1-150600.1.10 updated - python311-yarl-1.18.3-150600.1.2 updated - python311-anyio-4.4.0-150600.1.14 updated - python311-h2-4.2.0-150600.1.2 added - python311-SQLAlchemy-2.0.32-150600.1.15 updated - python311-multiprocess-0.70.16-150600.1.12 updated - python311-python-oxmsg-0.0.1-150600.1.9 updated - python311-peewee-migrate-1.13.0-150600.1.10 updated - python311-redis-5.0.8-150600.1.13 updated - python311-Werkzeug-3.0.4-150600.1.10 updated - python311-grpcio-1.69.0-150600.1.3 updated - libarrow1700-17.0.0-150600.2.18 updated - python311-mpmath-1.3.0-150600.1.11 updated - libctranslate2-4-4.4.0-150600.1.9 updated - python311-build-1.2.1-150600.1.10 updated - python311-Markdown-3.7-150600.1.11 updated - python311-opentelemetry-api-1.27.0-150600.1.9 updated - python311-pydantic-2.10.6-150600.1.15 updated - python311-marshmallow-3.20.2-150600.1.6 updated - python311-cryptography-43.0.1-150600.1.17 updated - python311-opentelemetry-exporter-otlp-proto-common-1.27.0-150600.1.14 updated - python311-rich-13.7.1-150600.1.11 updated - python311-starlette-0.41.3-150600.1.2 updated - python311-httpcore-1.0.5-150600.1.9 updated - python311-duckduckgo-search-7.4.4-150600.1.4 updated - python311-aiohttp-3.11.11-150600.1.5 updated - python311-python-pptx-1.0.2-150600.1.10 updated - python311-et_xmlfile-1.0.1-150600.1.11 updated - python311-beautifulsoup4-4.12.3-150600.1.10 updated - python311-portalocker-2.7.0-150400.10.7.4 added - python311-aiocache-0.12.3-150600.1.3 added - python311-APScheduler-3.10.4-150600.1.18 updated - python311-alembic-1.14.1-150600.1.3 updated - python311-Flask-3.0.3-150600.1.9 updated - python311-grpcio-tools-1.68.1-150600.1.4 added - python311-googleapis-common-protos-1.63.2-150600.1.15 updated - libparquet1700-17.0.0-150600.2.18 updated - libarrow_acero1700-17.0.0-150600.2.18 updated - python311-psutil-6.0.0-150600.1.13 updated - python311-python-jose-3.3.0-150600.1.10 updated - python311-ctranslate2-4.4.0-150600.1.11 updated - python311-numpy1-1.26.4-150600.1.24 updated - python311-pymdown-extensions-10.14.3-150600.1.1 added - python311-opentelemetry-semantic-conventions-0.48b0-150600.1.9 updated - python311-opentelemetry-instrumentation-0.48b0-150600.1.9 updated - python311-langchain-core-0.3.37-150600.1.6 updated - python311-dataclasses-json-0.6.7-150600.1.17 updated - python311-pyOpenSSL-24.2.1-150600.1.9 updated - python311-msoffcrypto-tool-4.10.2-150600.1.12 updated - python311-PyMySQL-1.1.1-150600.1.12 updated - python311-PyJWT-2.10.1-150600.1.4 updated - python311-argon2-cffi-23.1.0-150600.1.8 updated - python311-typer-slim-0.12.5-150600.1.17 updated - python311-fastapi-0.115.8-150600.1.13 updated - python311-httpx-0.28.1-150600.1.2 updated - python311-black-24.8.0-150600.1.15 updated - python311-openpyxl-3.1.5-150600.1.10 updated - python311-Flask-Cors-5.0.0-150600.1.9 updated - python311-grpcio-status-1.62.2-150600.1.11 updated - libarrow_flight1700-17.0.0-150600.2.18 updated - libarrow_dataset1700-17.0.0-150600.2.18 updated - python311-torch-2.5.0-150600.1.11 updated - python311-sympy-1.12.1-150600.1.10 updated - python311-scipy-1.14.1-150600.1.24 updated - python311-pgvector-0.3.6-150600.1.6 added - python311-pandas-2.2.3-150600.1.25 updated - python311-joblib-1.4.2-150600.1.12 updated - python311-chroma-hnswlib-0.7.6-150600.2.10 updated - python311-SoundFile-0.13.1-150600.1.2 added - python311-Shapely-2.0.6-150600.1.12 added - python311-opentelemetry-sdk-1.27.0-150600.1.9 updated - python311-langchain-text_splitters-0.3.19-150600.1.5 updated - python311-oletools-0.60.2-150600.1.11 updated - python311-Django-5.1.1-150600.1.16 updated - python311-typer-0.12.5-150600.1.17 updated - python311-pyarrow-17.0.0-150600.2.30 updated - python311-FontTools-4.53.1-150600.1.11 updated - python311-scikit-learn-1.5.1-150600.1.26 updated - python311-opentelemetry-util-http-0.48b0-150600.1.8 updated - python311-opentelemetry-exporter-otlp-proto-grpc-1.27.0-150600.1.19 updated - python311-requests-2.32.3-150600.1.10 updated - python311-qdrant-client-1.13.2-150600.1.6 added - python311-RTFDE-0.1.1-150600.1.12 updated - python311-dj-database-url-2.3.0-150600.1.16 updated - python311-fpdf2-2.8.2-150600.1.5 updated - libopencv411-4.11.0-150600.1.3 added - python311-opentelemetry-instrumentation-asgi-0.48b0-150600.1.8 updated - python311-youtube-transcript-api-0.6.3-150600.1.4 updated - python311-tiktoken-0.7.0-150600.1.15 updated - python311-python-engineio-4.8.0-150600.1.18 updated - python311-posthog-3.6.0-150600.1.12 updated - python311-nltk-3.9.1-150600.1.17 updated - python311-google-resumable-media-2.7.0-150400.10.4.1 added - python311-google-auth-2.34.0-150600.1.15 updated - python311-fsspec-2024.3.1-150600.1.11 updated - python311-docker-7.1.0-150600.1.11 updated - python311-botocore-1.36.11-150600.1.2 updated - python311-Authlib-1.4.1-150600.1.6 updated - python311-extract-msg-0.49.0-150600.1.14 updated - python311-environs-11.0.0-150600.1.18 updated - libopencv_objdetect411-4.11.0-150600.1.3 added - libopencv_imgcodecs411-4.11.0-150600.1.3 added - python311-opentelemetry-instrumentation-fastapi-0.48b0-150600.1.9 updated - python311-unstructured-client-0.25.9-150600.1.10 updated - python311-langchain-community-0.3.18-150600.1.6 updated - python311-langchain-0.3.19-150600.1.5 updated - python311-python-socketio-5.11.4-150600.1.17 updated - python311-kubernetes-28.1.0-150600.1.16 updated - python311-google-auth-oauthlib-1.2.1-150600.1.6 added - python311-google-auth-httplib2-0.2.0-150600.1.15 updated - python311-google-api-core-2.19.2-150600.1.19 updated - python311-huggingface-hub-0.23.4-150600.1.12 updated - python311-s3transfer-0.11.1-150600.1.4 updated - python311-opensearch-py-2.8.0-150600.1.2 added - python311-pymilvus-2.5.4-150600.1.2 updated - libopencv_face411-4.11.0-150600.1.3 added - libopencv_aruco411-4.11.0-150600.1.3 added - libopencv_ximgproc411-4.11.0-150600.1.3 added - python311-google-cloud-core-2.4.1-150400.5.4.1 added - python311-google-api-python-client-2.143.0-150600.1.19 updated - python311-google-ai-generativelanguage-0.6.10-150600.1.19 updated - python311-tokenizers-0.20.0-150600.1.14 updated - python311-boto3-1.36.11-150600.1.4 updated - python311-av-11.0.0-150600.1.15 updated - libopencv_optflow411-4.11.0-150600.1.3 added - libopencv_highgui411-4.11.0-150600.1.3 added - python311-google-cloud-storage-2.19.0-150600.1.2 added - python311-google-generativeai-0.8.2-150600.1.21 updated - python311-datasets-3.0.1-150600.1.21 updated - python311-transformers-4.44.2-150600.1.13 updated - python311-chromadb-0.6.3-150600.1.2 updated - python311-faster_whisper-1.1.1-150600.1.2 updated - python311-pydub-0.25.1-150600.1.18 updated - libopencv_gapi411-4.11.0-150600.1.3 added - python311-sentence-transformers-3.4.1-150600.1.2 updated - python311-colbert-ai-0.2.21-150600.1.22 updated - python311-unstructured-0.16.23-150600.1.2 updated - libopencv_videoio411-4.11.0-150600.1.3 added - python311-opencv-4.11.0-150600.1.3 updated - python311-open-webui-0.5.14-150600.1.1 updated - libopencv410-4.10.0-150600.1.17 removed - libopencv_aruco410-4.10.0-150600.1.17 removed - libopencv_face410-4.10.0-150600.1.17 removed - libopencv_gapi410-4.10.0-150600.1.17 removed - libopencv_highgui410-4.10.0-150600.1.17 removed - libopencv_imgcodecs410-4.10.0-150600.1.17 removed - libopencv_objdetect410-4.10.0-150600.1.17 removed - libopencv_optflow410-4.10.0-150600.1.17 removed - libopencv_videoio410-4.10.0-150600.1.17 removed - libopencv_ximgproc410-4.10.0-150600.1.17 removed - python311-iniconfig-2.0.0-150400.10.6.1 removed - python311-langchain-chroma-0.1.4-150600.1.9 removed - python311-pluggy-1.5.0-150600.1.10 removed - python311-pytest-8.3.2-150600.1.10 removed - python311-pytest-docker-3.1.1-150600.1.12 removed From sle-container-updates at lists.suse.com Wed Mar 12 08:04:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:04:45 +0100 (CET) Subject: SUSE-IU-2025:729-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250312080445.99D86FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:729-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.152 , suse/sle-micro/base-5.5:latest Image Release : 5.8.152 Severity : important Type : security References : 1189788 1208995 1216091 1220946 1225742 1232472 1232919 1233701 1233749 1234154 1234650 1234853 1234891 1234963 1235054 1235061 1235073 1235111 1236133 1236289 1236481 1236576 1236661 1236677 1236757 1236758 1236760 1236761 1236777 1236951 1237025 1237028 1237044 1237139 1237316 1237693 1238033 CVE-2022-49080 CVE-2023-1192 CVE-2023-52572 CVE-2024-50115 CVE-2024-53135 CVE-2024-53173 CVE-2024-53226 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56605 CVE-2024-57948 CVE-2025-21647 CVE-2025-21690 CVE-2025-21692 CVE-2025-21699 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:833-1 Released: Tue Mar 11 11:53:19 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:838-1 Released: Tue Mar 11 13:11:21 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - kernel-default-5.14.21-150500.55.97.1 updated - libzypp-17.36.3-150500.6.42.1 updated - zypper-1.14.85-150500.6.26.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:05:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:05:14 +0100 (CET) Subject: SUSE-IU-2025:730-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250312080514.24189FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:730-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.292 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.292 Severity : important Type : security References : 1208995 1220946 1225742 1232472 1232919 1233701 1233749 1234154 1234650 1234853 1234891 1234963 1235054 1235061 1235073 1235111 1236133 1236289 1236576 1236661 1236677 1236757 1236758 1236760 1236761 1236777 1236951 1237025 1237028 1237139 1237316 1237693 1238033 CVE-2022-49080 CVE-2023-1192 CVE-2023-52572 CVE-2024-50115 CVE-2024-53135 CVE-2024-53173 CVE-2024-53226 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56605 CVE-2024-57948 CVE-2025-21647 CVE-2025-21690 CVE-2025-21692 CVE-2025-21699 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:833-1 Released: Tue Mar 11 11:53:19 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951). The following package changes have been done: - kernel-default-base-5.14.21-150500.55.97.1.150500.6.45.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.152 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:06:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:06:38 +0100 (CET) Subject: SUSE-IU-2025:732-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250312080638.6DE21FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:732-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.259 , suse/sle-micro/5.5:latest Image Release : 5.5.259 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150000.75.31.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.152 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:11:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:11:10 +0100 (CET) Subject: SUSE-CU-2025:1692-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250312081110.544F7FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1692-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.98 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.98 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:839-1 Released: Tue Mar 11 13:12:01 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150400.3.116.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150400.3.79.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:14:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:14:09 +0100 (CET) Subject: SUSE-CU-2025:1694-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250312081409.30DBFFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1694-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.98 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.98 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:839-1 Released: Tue Mar 11 13:12:01 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150400.3.116.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150400.3.79.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:14:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:14:31 +0100 (CET) Subject: SUSE-IU-2025:733-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250312081431.A700EFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:733-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.9 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 5.9 Severity : moderate Type : recommended References : 1220338 1229228 1231048 1232227 1232844 1233752 1234015 1234313 1234765 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. The following package changes have been done: - libudev1-254.23-1.1 updated - libsystemd0-254.23-1.1 updated - SL-Micro-release-6.0-25.5 updated - systemd-254.23-1.1 updated - udev-254.23-1.1 updated - container:SL-Micro-base-container-2.1.3-5.9 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:14:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:14:52 +0100 (CET) Subject: SUSE-IU-2025:734-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250312081452.68ABDFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:734-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.9 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.9 Severity : moderate Type : recommended References : 1220338 1229228 1231048 1232227 1232844 1233752 1234015 1234313 1234765 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. The following package changes have been done: - libudev1-254.23-1.1 updated - libsystemd0-254.23-1.1 updated - SL-Micro-release-6.0-25.5 updated - systemd-254.23-1.1 updated - udev-254.23-1.1 updated - container:suse-toolbox-image-1.0.0-7.5 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:15:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:15:13 +0100 (CET) Subject: SUSE-IU-2025:735-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250312081513.252A3FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:735-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-5.9 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 5.9 Severity : moderate Type : recommended References : 1220338 1229228 1231048 1232227 1232844 1233752 1234015 1234313 1234765 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. The following package changes have been done: - libudev1-254.23-1.1 updated - libsystemd0-254.23-1.1 updated - SL-Micro-release-6.0-25.5 updated - systemd-254.23-1.1 updated - udev-254.23-1.1 updated - container:SL-Micro-base-container-2.1.3-5.9 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:15:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:15:34 +0100 (CET) Subject: SUSE-IU-2025:736-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250312081534.AE63BFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:736-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-6.8 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 6.8 Severity : moderate Type : recommended References : 1220338 1229228 1231048 1232227 1232844 1233752 1234015 1234313 1234765 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. The following package changes have been done: - libudev1-254.23-1.1 updated - libsystemd0-254.23-1.1 updated - SL-Micro-release-6.0-25.5 updated - systemd-254.23-1.1 updated - udev-254.23-1.1 updated - container:SL-Micro-container-2.1.3-5.9 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:16:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:16:32 +0100 (CET) Subject: SUSE-IU-2025:737-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250312081632.B370CFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:737-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.10 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.10 Severity : moderate Type : recommended References : 1211649 1211888 1216063 1219001 1220338 1222584 1222684 1223849 1226492 1229228 1232227 1232844 1233289 1233752 1234015 1234313 1234765 CVE-2024-4418 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 40 Released: Tue Mar 11 15:04:31 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1222584,1223849,1226492,1233289,CVE-2024-4418 This update for elemental-toolkit fixes the following issues: - Update to v2.2.2: * 1fbc11ea Fixes squashfs images creation (#2230) [bsc#1233289] ----------------------------------------------------------------- Advisory ID: 39 Released: Tue Mar 11 15:13:05 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1211649,1211888,1216063,1219001,1220338,1222684,1229228,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - Add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - Drop suppor for efivar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) The following package changes have been done: - libudev1-254.23-slfo.1.1_1.1 updated - libsystemd0-254.23-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.10 updated - systemd-254.23-slfo.1.1_1.1 updated - udev-254.23-slfo.1.1_1.1 updated - elemental-toolkit-2.2.2-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:16:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:16:41 +0100 (CET) Subject: SUSE-IU-2025:738-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20250312081641.489B9FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:738-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.9 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.9 Severity : moderate Type : recommended References : 1211649 1211888 1216063 1219001 1220338 1222584 1222684 1223849 1226492 1229228 1232227 1232844 1233289 1233752 1234015 1234313 1234765 CVE-2024-4418 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 40 Released: Tue Mar 11 15:04:31 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1222584,1223849,1226492,1233289,CVE-2024-4418 This update for elemental-toolkit fixes the following issues: - Update to v2.2.2: * 1fbc11ea Fixes squashfs images creation (#2230) [bsc#1233289] ----------------------------------------------------------------- Advisory ID: 39 Released: Tue Mar 11 15:13:05 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1211649,1211888,1216063,1219001,1220338,1222684,1229228,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - Add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - Drop suppor for efivar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) The following package changes have been done: - libudev1-254.23-slfo.1.1_1.1 updated - libsystemd0-254.23-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.10 updated - systemd-254.23-slfo.1.1_1.1 updated - udev-254.23-slfo.1.1_1.1 updated - elemental-toolkit-2.2.2-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-4.9 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:16:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:16:51 +0100 (CET) Subject: SUSE-IU-2025:739-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250312081651.90CE4FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:739-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.8 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.8 Severity : moderate Type : recommended References : 1211649 1211888 1216063 1219001 1220338 1222584 1222684 1223849 1226492 1229228 1232227 1232844 1233289 1233752 1234015 1234313 1234765 CVE-2024-4418 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 40 Released: Tue Mar 11 15:04:31 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1222584,1223849,1226492,1233289,CVE-2024-4418 This update for elemental-toolkit fixes the following issues: - Update to v2.2.2: * 1fbc11ea Fixes squashfs images creation (#2230) [bsc#1233289] ----------------------------------------------------------------- Advisory ID: 39 Released: Tue Mar 11 15:13:05 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1211649,1211888,1216063,1219001,1220338,1222684,1229228,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - Add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - Drop suppor for efivar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) The following package changes have been done: - libudev1-254.23-slfo.1.1_1.1 updated - libsystemd0-254.23-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.10 updated - systemd-254.23-slfo.1.1_1.1 updated - udev-254.23-slfo.1.1_1.1 updated - elemental-toolkit-2.2.2-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.9 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:17:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:17:02 +0100 (CET) Subject: SUSE-IU-2025:740-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250312081702.CD624FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:740-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.9 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.9 Severity : moderate Type : recommended References : 1211649 1211888 1216063 1219001 1220338 1222584 1222684 1223849 1226492 1229228 1232227 1232844 1233289 1233752 1234015 1234313 1234765 CVE-2024-4418 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 40 Released: Tue Mar 11 15:04:31 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1222584,1223849,1226492,1233289,CVE-2024-4418 This update for elemental-toolkit fixes the following issues: - Update to v2.2.2: * 1fbc11ea Fixes squashfs images creation (#2230) [bsc#1233289] ----------------------------------------------------------------- Advisory ID: 39 Released: Tue Mar 11 15:13:05 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1211649,1211888,1216063,1219001,1220338,1222684,1229228,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - Add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - Drop suppor for efivar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) The following package changes have been done: - libudev1-254.23-slfo.1.1_1.1 updated - libsystemd0-254.23-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.10 updated - systemd-254.23-slfo.1.1_1.1 updated - udev-254.23-slfo.1.1_1.1 updated - elemental-toolkit-2.2.2-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.0-4.10 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:17:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:17:53 +0100 (CET) Subject: SUSE-CU-2025:1703-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250312081753.1F375FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1703-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.55 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.55 Severity : important Type : security References : 1214290 1228044 1236282 1236588 1236590 1236619 1236842 1236878 1237363 1237370 1237418 CVE-2023-4016 CVE-2024-12133 CVE-2024-56171 CVE-2025-0167 CVE-2025-0395 CVE-2025-0725 CVE-2025-24528 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:351-1 Released: Tue Feb 4 10:28:20 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:371-1 Released: Wed Feb 5 16:34:53 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:510-1 Released: Thu Feb 13 12:33:40 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1228044,1236282,CVE-2025-0395 This update for glibc fixes the following issue: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282, BZ #32582)) - s390x-wcsncmp patch: s390x: Fix segfault in wcsncmp (bsc#1228044). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:512-1 Released: Thu Feb 13 12:47:08 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:725-1 Released: Wed Feb 26 14:36:41 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:747-1 Released: Fri Feb 28 17:11:44 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The following package changes have been done: - glibc-2.22-114.40.1 updated - krb5-1.16.3-46.18.1 updated - libcurl4-8.0.1-11.105.1 updated - libprocps3-3.3.9-11.33.1 updated - libtasn1-6-4.9-3.16.1 updated - libtasn1-4.9-3.16.1 updated - libxml2-2-2.9.4-46.81.1 updated - procps-3.3.9-11.33.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:18:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:18:49 +0100 (CET) Subject: SUSE-CU-2025:1705-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250312081849.EB38CFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1705-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.53 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.53 , suse/ltss/sle15.3/sle15:latest Container Release : 2.53 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:840-1 Released: Tue Mar 11 13:12:51 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150200.150.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150200.108.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:19:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:19:46 +0100 (CET) Subject: SUSE-CU-2025:1707-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250312081946.A44EFFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1707-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.29 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.29 , suse/ltss/sle15.4/sle15:latest Container Release : 2.29 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:839-1 Released: Tue Mar 11 13:12:01 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150400.3.116.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150400.3.79.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:22:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:22:07 +0100 (CET) Subject: SUSE-CU-2025:1708-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250312082207.5CEF8FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1708-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.19 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.19 , suse/ltss/sle15.5/sle15:latest Container Release : 4.19 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:838-1 Released: Tue Mar 11 13:11:21 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150500.6.42.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150500.6.26.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:22:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:22:37 +0100 (CET) Subject: SUSE-CU-2025:1709-1: Recommended update of suse/389-ds Message-ID: <20250312082237.685E4FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1709-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.8 , suse/389-ds:latest Container Release : 36.8 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - timezone-2025a-150600.91.3.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - mozilla-nss-tools-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:42:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:42:53 +0100 (CET) Subject: SUSE-CU-2025:1709-1: Recommended update of suse/389-ds Message-ID: <20250312084253.099FEFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1709-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.8 , suse/389-ds:latest Container Release : 36.8 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - timezone-2025a-150600.91.3.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - mozilla-nss-tools-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:43:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:43:23 +0100 (CET) Subject: SUSE-CU-2025:1711-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250312084323.30C25FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1711-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.13 , bci/dotnet-aspnet:8.0.13-47.11 Container Release : 47.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:43:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:43:35 +0100 (CET) Subject: SUSE-CU-2025:1712-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250312084335.0A83FFDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1712-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.2 , bci/dotnet-aspnet:9.0.2-5.11 , bci/dotnet-aspnet:latest Container Release : 5.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:44:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:44:24 +0100 (CET) Subject: SUSE-CU-2025:1714-1: Recommended update of bci/dotnet-sdk Message-ID: <20250312084424.618ADFDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1714-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.13 , bci/dotnet-sdk:8.0.13-51.11 Container Release : 51.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:44:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:44:34 +0100 (CET) Subject: SUSE-CU-2025:1715-1: Recommended update of bci/dotnet-sdk Message-ID: <20250312084434.B2F40FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1715-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.2 , bci/dotnet-sdk:9.0.2-6.11 , bci/dotnet-sdk:latest Container Release : 6.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:45:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:45:03 +0100 (CET) Subject: SUSE-CU-2025:1716-1: Recommended update of bci/dotnet-runtime Message-ID: <20250312084503.259F0FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1716-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.13 , bci/dotnet-runtime:8.0.13-47.11 Container Release : 47.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:45:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:45:13 +0100 (CET) Subject: SUSE-CU-2025:1717-1: Recommended update of bci/dotnet-runtime Message-ID: <20250312084513.9D184FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1717-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.2 , bci/dotnet-runtime:9.0.2-5.11 , bci/dotnet-runtime:latest Container Release : 5.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:46:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:46:17 +0100 (CET) Subject: SUSE-CU-2025:1720-1: Security update of bci/golang Message-ID: <20250312084617.969C9FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1720-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.38 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.38 Container Release : 55.38 Severity : important Type : security References : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - pkg-config-0.29.2-150600.15.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:47:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:47:36 +0100 (CET) Subject: SUSE-CU-2025:1723-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250312084736.8C47BFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1723-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.8 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.8 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150600.3.50.1 updated - timezone-2025a-150600.91.3.1 updated - zypper-1.14.85-150600.10.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:48:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:48:51 +0100 (CET) Subject: SUSE-CU-2025:1725-1: Recommended update of bci/kiwi Message-ID: <20250312084851.A6569FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1725-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.11 , bci/kiwi:latest Container Release : 22.11 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - timezone-2025a-150600.91.3.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:48:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:48:52 +0100 (CET) Subject: SUSE-CU-2025:1726-1: Recommended update of bci/kiwi Message-ID: <20250312084852.84601FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1726-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.13 , bci/kiwi:latest Container Release : 22.13 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150600.3.50.1 updated - zypper-1.14.85-150600.10.28.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:49:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:49:45 +0100 (CET) Subject: SUSE-CU-2025:1728-1: Recommended update of bci/nodejs Message-ID: <20250312084945.36274FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1728-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.41 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.41 , bci/nodejs:latest Container Release : 48.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:49:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:49:51 +0100 (CET) Subject: SUSE-CU-2025:1729-1: Recommended update of bci/nodejs Message-ID: <20250312084951.015CFFDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1729-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.29 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.29 Container Release : 31.29 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:49:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:49:55 +0100 (CET) Subject: SUSE-CU-2025:1730-1: Recommended update of bci/openjdk Message-ID: <20250312084955.44BA8FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1730-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.4 Container Release : 4.4 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:50:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:50:29 +0100 (CET) Subject: SUSE-CU-2025:1731-1: Recommended update of bci/openjdk Message-ID: <20250312085029.2F2C0FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1731-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.13 , bci/openjdk:latest Container Release : 33.13 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:50:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:50:56 +0100 (CET) Subject: SUSE-CU-2025:1732-1: Recommended update of bci/php-apache Message-ID: <20250312085056.0FE80FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1732-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.41 , bci/php-apache:latest Container Release : 48.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:51:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:51:20 +0100 (CET) Subject: SUSE-CU-2025:1733-1: Recommended update of bci/php-fpm Message-ID: <20250312085120.7A605FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1733-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.41 , bci/php-fpm:latest Container Release : 48.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:51:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:51:45 +0100 (CET) Subject: SUSE-CU-2025:1734-1: Recommended update of bci/php Message-ID: <20250312085145.55AD7FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1734-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.36 , bci/php:latest Container Release : 48.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:52:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:52:15 +0100 (CET) Subject: SUSE-CU-2025:1735-1: Recommended update of suse/postgres Message-ID: <20250312085215.2710CFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1735-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.4 Container Release : 61.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:52:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:52:26 +0100 (CET) Subject: SUSE-CU-2025:1736-1: Recommended update of suse/postgres Message-ID: <20250312085226.98ABFFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1736-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.2 , suse/postgres:latest Container Release : 42.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 08:54:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 09:54:28 +0100 (CET) Subject: SUSE-CU-2025:1740-1: Recommended update of suse/mariadb Message-ID: <20250312085428.56EF1FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1740-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.22 , suse/mariadb:latest Container Release : 62.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:01:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:01:12 +0100 (CET) Subject: SUSE-CU-2025:1740-1: Recommended update of suse/mariadb Message-ID: <20250312090112.26365FF1F@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1740-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.22 , suse/mariadb:latest Container Release : 62.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:01:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:01:44 +0100 (CET) Subject: SUSE-CU-2025:1741-1: Recommended update of bci/ruby Message-ID: <20250312090144.318ECFDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1741-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.40 , bci/ruby:latest Container Release : 31.40 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:04:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:04:46 +0100 (CET) Subject: SUSE-CU-2025:1747-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250312090446.8B9CAFDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1747-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.13 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.13 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - mozilla-nss-tools-3.101.2-150400.3.54.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:05:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:05:14 +0100 (CET) Subject: SUSE-CU-2025:1748-1: Recommended update of suse/sle15 Message-ID: <20250312090514.4D735FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1748-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.17 , suse/sle15:15.6 , suse/sle15:15.6.47.20.17 Container Release : 47.20.17 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150600.3.50.1 updated - timezone-2025a-150600.91.3.1 updated - zypper-1.14.85-150600.10.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:06:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:06:08 +0100 (CET) Subject: SUSE-CU-2025:1753-1: Recommended update of bci/ruby Message-ID: <20250312090608.AF589FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1753-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.3 Container Release : 4.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:sles15-image-15.7.0-4.2.33 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:06:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:06:14 +0100 (CET) Subject: SUSE-CU-2025:1754-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250312090614.56B07FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1754-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.45 Container Release : 4.45 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - libopenssl1_1-1.1.1w-150700.9.19 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - mozilla-nss-tools-3.101.2-150400.3.54.1 updated - container:sles15-image-15.7.0-4.2.33 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:06:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:06:19 +0100 (CET) Subject: SUSE-CU-2025:1755-1: Recommended update of suse/sle15 Message-ID: <20250312090619.E9E7BFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1755-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.33 , suse/sle15:15.7 , suse/sle15:15.7-4.2.33 Container Release : 4.2.33 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150600.3.50.1 updated - timezone-2025a-150600.91.3.1 updated - zypper-1.14.85-150600.10.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:07:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:07:28 +0100 (CET) Subject: SUSE-CU-2025:1757-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250312090728.72A8BFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1757-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.3 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.3 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:839-1 Released: Tue Mar 11 13:12:01 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150400.3.116.1 updated - zypper-1.14.85-150400.3.79.1 updated - container:sles15-ltss-image-15.4.0-2.29 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:08:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:08:09 +0100 (CET) Subject: SUSE-CU-2025:1758-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250312090809.A41AAFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1758-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.4 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.4 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:839-1 Released: Tue Mar 11 13:12:01 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150400.3.116.1 updated - zypper-1.14.85-150400.3.79.1 updated - timezone-2025a-150000.75.31.1 updated - container:sles15-ltss-image-15.4.0-2.29 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:11:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:11:29 +0100 (CET) Subject: SUSE-CU-2025:1762-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250312091129.1AD28FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1762-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.91 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.91 Severity : important Type : security References : 1189788 1216091 1236481 1236619 1237044 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:822-1 Released: Mon Mar 10 16:33:34 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:840-1 Released: Tue Mar 11 13:12:51 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - krb5-1.19.2-150300.22.1 updated - libzypp-17.36.3-150200.150.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150200.108.1 updated From sle-container-updates at lists.suse.com Wed Mar 12 09:15:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Mar 2025 10:15:09 +0100 (CET) Subject: SUSE-CU-2025:1764-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250312091509.275FBFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1764-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.93 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.93 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:840-1 Released: Tue Mar 11 13:12:51 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - libzypp-17.36.3-150200.150.1 updated - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150200.108.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:04:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:04:17 +0100 (CET) Subject: SUSE-IU-2025:741-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250313080417.28E41FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:741-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.11 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 5.11 Severity : important Type : security References : 1227052 1235151 1236270 1236507 1236588 1236590 1237641 CVE-2023-45288 CVE-2024-11218 CVE-2024-6104 CVE-2024-9407 CVE-2025-0167 CVE-2025-0725 CVE-2025-27144 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 238 Released: Wed Mar 12 11:31:01 2025 Summary: Security update for podman Type: security Severity: important References: 1227052,1236270,1236507,1237641,CVE-2023-45288,CVE-2024-11218,CVE-2024-6104,CVE-2024-9407,CVE-2025-27144 This update for podman fixes the following issues: - CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237641): - CVE-2024-11218: Fixed github.com/containers/buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270): - CVE-2023-45288: Fixed golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236507): - CVE-2024-6104: Fixed hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227052): ----------------------------------------------------------------- Advisory ID: 239 Released: Wed Mar 12 11:47:54 2025 Summary: Security update for curl Type: security Severity: moderate References: 1235151,1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. (bsc#1235151) The following package changes have been done: - SL-Micro-release-6.0-25.6 updated - libcurl4-8.6.0-6.1 updated - podman-4.9.5-3.1 updated - container:SL-Micro-base-container-2.1.3-5.10 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:04:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:04:39 +0100 (CET) Subject: SUSE-IU-2025:742-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250313080439.058A0FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:742-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.10 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.10 Severity : moderate Type : security References : 1235151 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 239 Released: Wed Mar 12 11:47:54 2025 Summary: Security update for curl Type: security Severity: moderate References: 1235151,1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. (bsc#1235151) The following package changes have been done: - SL-Micro-release-6.0-25.6 updated - libcurl4-8.6.0-6.1 updated - curl-8.6.0-6.1 updated - container:suse-toolbox-image-1.0.0-7.6 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:05:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:05:01 +0100 (CET) Subject: SUSE-IU-2025:743-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250313080501.2A6B9FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:743-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-5.10 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 5.10 Severity : moderate Type : security References : 1235151 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 239 Released: Wed Mar 12 11:47:54 2025 Summary: Security update for curl Type: security Severity: moderate References: 1235151,1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. (bsc#1235151) The following package changes have been done: - SL-Micro-release-6.0-25.6 updated - libcurl4-8.6.0-6.1 updated - container:SL-Micro-base-container-2.1.3-5.10 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:05:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:05:24 +0100 (CET) Subject: SUSE-IU-2025:744-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250313080524.7813BFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:744-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-6.9 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 6.9 Severity : moderate Type : security References : 1235151 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 239 Released: Wed Mar 12 11:47:54 2025 Summary: Security update for curl Type: security Severity: moderate References: 1235151,1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. (bsc#1235151) The following package changes have been done: - SL-Micro-release-6.0-25.6 updated - libcurl4-8.6.0-6.1 updated - container:SL-Micro-container-2.1.3-5.11 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:11:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:11:00 +0100 (CET) Subject: SUSE-CU-2025:1776-1: Recommended update of bci/openjdk-devel Message-ID: <20250313081100.A68D9FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1776-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.7 Container Release : 4.7 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:bci-openjdk-17-046c8eac32342d479e6e328dab60a64bab3ff78d5eab7837481a3d40abde1de7-0 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:11:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:11:01 +0100 (CET) Subject: SUSE-CU-2025:1777-1: Recommended update of bci/openjdk-devel Message-ID: <20250313081101.7234FFDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1777-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.8 Container Release : 4.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:11:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:11:42 +0100 (CET) Subject: SUSE-CU-2025:1778-1: Recommended update of bci/openjdk-devel Message-ID: <20250313081142.18CD4FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1778-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.22 , bci/openjdk-devel:latest Container Release : 33.22 Severity : moderate Type : recommended References : 1222834 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). The following package changes have been done: - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - container:bci-openjdk-21-b48c2592cd27acb114846666297b0a0173eb675788b3dac0fedbe3524e6704a2-0 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:11:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:11:42 +0100 (CET) Subject: SUSE-CU-2025:1779-1: Recommended update of bci/openjdk-devel Message-ID: <20250313081142.DCFE8FDD1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1779-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.23 , bci/openjdk-devel:latest Container Release : 33.23 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:12:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:12:21 +0100 (CET) Subject: SUSE-CU-2025:1781-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081221.7C5FEFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1781-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.40 Container Release : 62.40 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:12:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:12:39 +0100 (CET) Subject: SUSE-CU-2025:1782-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081239.0378CFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1782-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.40 Container Release : 62.40 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:12:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:12:56 +0100 (CET) Subject: SUSE-CU-2025:1783-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081256.A4D05FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1783-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.40 Container Release : 62.40 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:13:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:13:09 +0100 (CET) Subject: SUSE-CU-2025:1784-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081309.5791DFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1784-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:13:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:13:24 +0100 (CET) Subject: SUSE-CU-2025:1785-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081324.9CA6AFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1785-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:13:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:13:38 +0100 (CET) Subject: SUSE-CU-2025:1786-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081338.BC6F2FDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1786-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 13 08:13:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Mar 2025 09:13:51 +0100 (CET) Subject: SUSE-CU-2025:1787-1: Recommended update of containers/apache-tomcat Message-ID: <20250313081351.7B3BBFDD1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1787-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. The following package changes have been done: - apache-commons-logging-1.3.4-150200.11.9.1 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:04:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:04:57 +0100 (CET) Subject: SUSE-IU-2025:745-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250314080457.5C393FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:745-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.339 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.339 Severity : important Type : security References : 1208995 1220946 1225742 1232472 1232919 1233701 1233749 1234154 1234650 1234853 1234891 1234963 1235054 1235061 1235073 1235111 1236133 1236289 1236576 1236661 1236677 1236757 1236758 1236760 1236761 1236777 1236951 1237025 1237028 1237139 1237316 1237693 1238033 CVE-2022-49080 CVE-2023-1192 CVE-2023-52572 CVE-2024-50115 CVE-2024-53135 CVE-2024-53173 CVE-2024-53226 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56605 CVE-2024-57948 CVE-2025-21647 CVE-2025-21690 CVE-2025-21692 CVE-2025-21699 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:853-1 Released: Thu Mar 13 11:40:01 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - NFSD: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951). The following package changes have been done: - kernel-rt-5.14.21-150500.13.88.1 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:05:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:05:44 +0100 (CET) Subject: SUSE-IU-2025:746-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250314080544.D0269FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:746-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.13 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 5.13 Severity : critical Type : recommended References : 1228086 1230468 1231792 1232063 1236982 1237695 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 240 Released: Thu Mar 13 10:52:36 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1228086,1230468,1231792,1232063,1236982,1237695 This update for dracut fixes the following issues: - Update to version 059+suse.591.ge2ab3f62: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) - Update to version 059+suse.585.gc1e69422: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) - Update to version 059+suse.578.gd47ce28c: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) - Update to version 059+suse.575.g06a9ae1f: Fixes for NVMeoF boot (bsc#1230468): * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly ----------------------------------------------------------------- Advisory ID: 241 Released: Thu Mar 13 10:59:21 2025 Summary: Recommended update for lshw Type: recommended Severity: important References: This update for lshw fixes the following issues: - lshw: package update (jsc#9912) * update changelog * update data files * get rid of GTK deprecation warning * get rid of some snprintf warnings * add support for 100Gbit interfaces The following package changes have been done: - dracut-059+suse.591.ge2ab3f62-1.1 updated - lshw-B.02.20-1.1 updated - container:SL-Micro-base-container-2.1.3-5.11 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:06:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:06:07 +0100 (CET) Subject: SUSE-IU-2025:747-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250314080607.69B5BFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:747-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.11 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.11 Severity : critical Type : recommended References : 1228086 1230468 1231792 1232063 1236982 1237695 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 240 Released: Thu Mar 13 10:52:36 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1228086,1230468,1231792,1232063,1236982,1237695 This update for dracut fixes the following issues: - Update to version 059+suse.591.ge2ab3f62: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) - Update to version 059+suse.585.gc1e69422: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) - Update to version 059+suse.578.gd47ce28c: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) - Update to version 059+suse.575.g06a9ae1f: Fixes for NVMeoF boot (bsc#1230468): * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly The following package changes have been done: - dracut-059+suse.591.ge2ab3f62-1.1 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:06:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:06:31 +0100 (CET) Subject: SUSE-IU-2025:748-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250314080631.2E20AFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:748-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-5.11 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 5.11 Severity : critical Type : recommended References : 1228086 1230468 1231792 1232063 1236982 1237695 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 240 Released: Thu Mar 13 10:52:36 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1228086,1230468,1231792,1232063,1236982,1237695 This update for dracut fixes the following issues: - Update to version 059+suse.591.ge2ab3f62: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) - Update to version 059+suse.585.gc1e69422: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) - Update to version 059+suse.578.gd47ce28c: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) - Update to version 059+suse.575.g06a9ae1f: Fixes for NVMeoF boot (bsc#1230468): * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly The following package changes have been done: - dracut-059+suse.591.ge2ab3f62-1.1 updated - container:SL-Micro-base-container-2.1.3-5.11 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:06:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:06:55 +0100 (CET) Subject: SUSE-IU-2025:749-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250314080655.D7145FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:749-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-6.10 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 6.10 Severity : critical Type : recommended References : 1228086 1230468 1231792 1232063 1236982 1237695 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 240 Released: Thu Mar 13 10:52:36 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1228086,1230468,1231792,1232063,1236982,1237695 This update for dracut fixes the following issues: - Update to version 059+suse.591.ge2ab3f62: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) - Update to version 059+suse.585.gc1e69422: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) - Update to version 059+suse.578.gd47ce28c: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) - Update to version 059+suse.575.g06a9ae1f: Fixes for NVMeoF boot (bsc#1230468): * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly The following package changes have been done: - dracut-059+suse.591.ge2ab3f62-1.1 updated - container:SL-Micro-container-2.1.3-5.13 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:08:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:08:06 +0100 (CET) Subject: SUSE-IU-2025:750-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250314080806.CE191FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:750-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.11 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.11 Severity : moderate Type : security References : 1221289 1229930 1229931 1229932 1230093 1232528 1234068 1236589 CVE-2024-11053 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096 CVE-2024-9681 CVE-2025-0665 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 44 Released: Thu Mar 13 11:37:02 2025 Summary: Security update for curl Type: security Severity: moderate References: 1221289,1229930,1229931,1229932,1230093,1232528,1234068,1236589,CVE-2024-11053,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-8096,CVE-2024-9681,CVE-2025-0665 This update for curl fixes the following issues: Update to 8.12.1: * Bugfixes: - asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR' - asyn-thread: fix HTTPS RR crash - asyn-thread: fix the returned bitmask from Curl_resolver_getsock - asyn-thread: survive a c-ares channel set to NULL - cmake: always reference OpenSSL and ZLIB via imported targets - cmake: respect 'GNUTLS_CFLAGS' when detected via 'pkg-config' - cmake: respect 'GNUTLS_LIBRARY_DIRS' in 'libcurl.pc' and 'curl-config' - content_encoding: #error on too old zlib - imap: TLS upgrade fix - ldap: drop support for legacy Novell LDAP SDK - libssh2: comparison is always true because rc <= -1 - libssh2: raise lowest supported version to 1.2.8 - libssh: drop support for libssh older than 0.9.0 - openssl-quic: ignore ciphers for h3 - pop3: TLS upgrade fix - runtests: fix the disabling of the memory tracking - runtests: quote commands to support paths with spaces - scache: add magic checks - smb: silence '-Warray-bounds' with gcc 13+ - smtp: TLS upgrade fix - tool_cfgable: sort struct fields by size, use bitfields for booleans - tool_getparam: add 'TLS required' flag for each such option - vtls: fix multissl-init - wakeup_write: make sure the eventfd write sends eight bytes Update to 8.12.0: * Security fixes: - [bsc#1234068, CVE-2024-11053] curl could leak the password used for the first host to the followed-to host under certain circumstances. - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry - [bsc#1236589, CVE-2025-0665] eventfd double close * Changes: - curl: add byte range support to --variable reading from file - curl: make --etag-save acknowledge --create-dirs - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var - getinfo: provide info which auth was used for HTTP and proxy - hyper: drop support - openssl: add support to use keys and certificates from PKCS#11 provider - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA - vtls: feature ssls-export for SSL session im-/export * Bugfixes: - altsvc: avoid integer overflow in expire calculation - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL - asyn-ares: fix memory leak - asyn-ares: initial HTTPS resolve support - asyn-thread: use c-ares to resolve HTTPS RR - async-thread: avoid closing eventfd twice - cd2nroff: do not insist on quoted <> within backticks - cd2nroff: support 'none' as a TLS backend - conncache: count shutdowns against host and max limits - content_encoding: drop support for zlib before 1.2.0.4 - content_encoding: namespace GZIP flag constants - content_encoding: put the decomp buffers into the writer structs - content_encoding: support use of custom libzstd memory functions - cookie: cap expire times to 400 days - cookie: parse only the exact expire date - curl: return error if etag options are used with multiple URLs - curl_multi_fdset: include the shutdown connections in the set - curl_sha512_256: rename symbols to the curl namespace - curl_url_set.md: adjust the added-in to 7.62.0 - doh: send HTTPS RR requests for all HTTP(S) transfers - easy: allow connect-only handle reuse with easy_perform - easy: make curl_easy_perform() return error if connection still there - easy_lock: use Sleep(1) for thread yield on old Windows - ECH: update APIs to those agreed with OpenSSL maintainers - GnuTLS: fix 'time_appconnect' for early data - HTTP/2: strip TE request header - http2: fix data_pending check - http2: fix value stored to 'result' is never read - http: ignore invalid Retry-After times - http_aws_sigv4: Fix invalid compare function handling zero-length pairs - https-connect: start next immediately on failure - lib: redirect handling by protocol handler - multi: fix curl_multi_waitfds reporting of fd_count - netrc: 'default' with no credentials is not a match - netrc: fix password-only entries - netrc: restore _netrc fallback logic - ngtcp2: fix memory leak on connect failure - openssl: define `HAVE_KEYLOG_CALLBACK` before use - openssl: fix ECH logic - osslq: use SSL_poll to determine writeability of QUIC streams - sectransp: free certificate on error - select: avoid a NULL deref in cwfds_add_sock - src: omit hugehelp and ca-embed from libcurltool - ssl session cache: change cache dimensions - system.h: add 64-bit curl_off_t definitions for NonStop - telnet: handle single-byte input option - TLS: check connection for SSL use, not handler - tool_formparse.c: make curlx_uztoso a static in here - tool_formparse: accept digits in --form type= strings - tool_getparam: ECH param parsing refix - tool_getparam: fail --hostpubsha256 if libssh2 is not used - tool_getparam: fix 'Ignored Return Value' - tool_getparam: fix memory leak on error in parse_ech - tool_getparam: fix the ECH parser - tool_operate: make --etag-compare always accept a non-existing file - transfer: fix CURLOPT_CURLU override logic - urlapi: fix redirect to a new fragment or query (only) - vquic: make vquic_send_packets not return without setting psent - vtls: fix default SSL backend as a fallback - vtls: only remember the expiry timestamp in session cache - websocket: fix message send corruption - x509asn1: add parse recursion limit Update to 8.11.1: * Security fixes: - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053] * Bugfixes: - build: fix ECH to always enable HTTPS RR - cookie: treat cookie name case sensitively - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected - curl: use realtime in trace timestamps - digest: produce a shorter cnonce in Digest headers - docs: document default 'User-Agent' - docs: suggest --ssl-reqd instead of --ftp-ssl - duphandle: also init netrc - hostip: don't use the resolver for FQDN localhost - http_negotiate: allow for a one byte larger channel binding buffer - krb5: fix socket/sockindex confusion, MSVC compiler warnings - libssh: use libssh sftp_aio to upload file - libssh: when using IPv6 numerical address, add brackets - mime: fix reader stall on small read lengths - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions - mprintf: fix the integer overflow checks - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when... - netrc: address several netrc parser flaws - netrc: support large file, longer lines, longer tokens - nghttp2: use custom memory functions - OpenSSL: improvde error message on expired certificate - openssl: remove three 'Useless Assignments' - openssl: stop using SSL_CTX_ function prefix for our functions - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS - rtsp: check EOS in the RTSP receive and return an error code - schannel: remove TLS 1.3 ciphersuite-list support - setopt: fix CURLOPT_HTTP_CONTENT_DECODING - setopt: fix missing options for builds without HTTP & MQTT - socket: handle binding to 'host!' - socketpair: fix enabling 'USE_EVENTFD' - strtok: use namespaced 'strtok_r' macro instead of redefining it Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] - curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support 'implied LWS' properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly - libssh2: use the filename buffer when getting the homedir - multi.c: warn/assert on stall only without timer - negotiate: conditional check around GSS & SSL specific code - netrc: cache the netrc file in memory - ngtcp2: do not loop on recv - ngtcp2: set max window size to 10x of initial (128KB) - openssl quic: populate x509 store before handshake - openssl: extend the OpenSSL error messages - openssl: improve retries on shutdown - quic: use send/recvmmsg when available - schannel: fix TLS cert verification by IP SAN - schannel: ignore error on recv beyond close notify - select: use poll() if existing, avoid poll() with no sockets - sendf: add condition to max-filesize check - server/mqttd: fix two memory leaks - setopt: return error for bad input to CURLOPT_RTSP_REQUEST - setopt_cptr: make overflow check only done when needed - tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED - tool: support --show-headers AND --remote-header-name - tool_operate: make --skip-existing work for --parallel - url: connection reuse on h3 connections - url: use same credentials on redirect - urlapi: normalize the IPv6 address - version: say quictls in MSH3 builds - vquic: fix compiler warning with gcc + MUSL - vquic: recv_mmsg, use fewer, but larger buffers - vtls: convert Curl_pin_peer_pubkey to use dynbuf - vtls: convert pubkey_pem_to_der to use dynbuf Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use 'curl_response' if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param Update to version 8.10.0: * Security fixes: - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS * Changes: - curl: make --rate accept 'number of units' - curl: make --show-headers the same as --include - curl: support --dump-header % to direct to stderr - curl: support embedding a CA bundle and --dump-ca-embed - curl: support repeated use of the verbose option; -vv etc - curl: use libuv for parallel transfers with --test-event - vtls: stop offering alpn http/1.1 for http2-prior-knowledge * Bugfixes: - curl: allow 500MB data URL encode strings - curl: warn on unsupported SSL options - Curl_rand_bytes to control env override - curl_sha512_256: fix symbol collisions with nettle library - dist: fix reproducible build from release tarball - http2: fix GOAWAY message sent to server - http2: improve rate limiting of downloads - INSTALL.md: MultiSSL and QUIC are mutually exclusive - lib: add eos flag to send methods - lib: make SSPI global symbols use Curl_ prefix - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name - lib: remove the final strncpy() calls - lib: remove use of RANDOM_FILE - Makefile.mk: fixup enabling libidn2 - max-filesize.md: mention zero disables the limit - mime: avoid inifite loop in client reader - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks - openssl quic: fix memory leak - openssl: certinfo errors now fail correctly - openssl: fix the data race when sharing an SSL session between threads - openssl: improve shutdown handling - POP3: fix multi-line responses - pop3: use the protocol handler ->write_resp - progress: ratelimit/progress tweaks - rand: only provide weak random when needed - sectransp: fix setting tls version - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL - sigpipe: init the struct so that first apply ignores - smb: convert superflous assign into assert - smtp: add tracing feature - spnego_gssapi: implement TLS channel bindings for openssl - src: delete `curlx_m*printf()` aliases - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) - tool_operhlp: fix 'potentially uninitialized local variable 'pc' used' - tool_paramhlp: bump maximum post data size in memory to 16GB - transfer: skip EOS read when download done - url: fix connection reuse for HTTP/2 upgrades - urlapi: verify URL *decoded* hostname when set - urldata: introduce `data->mid`, a unique identifier inside a multi - vtls: add SSLSUPP_CIPHER_LIST - vtls: fix static function name collisions between TLS backends - vtls: init ssl peer only once - websocket: introduce blocking sends - ws: flags to opcodes should ignore CURLWS_CONT flag - x509asn1: raise size limit for x509 certification information The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.11 updated - libcurl4-8.12.1-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.10 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:08:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:08:21 +0100 (CET) Subject: SUSE-IU-2025:751-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250314080821.0A2ADFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:751-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.10 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.10 Severity : moderate Type : security References : 1221289 1229930 1229931 1229932 1230093 1232528 1234068 1236589 CVE-2024-11053 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096 CVE-2024-9681 CVE-2025-0665 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 44 Released: Thu Mar 13 11:37:02 2025 Summary: Security update for curl Type: security Severity: moderate References: 1221289,1229930,1229931,1229932,1230093,1232528,1234068,1236589,CVE-2024-11053,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-8096,CVE-2024-9681,CVE-2025-0665 This update for curl fixes the following issues: Update to 8.12.1: * Bugfixes: - asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR' - asyn-thread: fix HTTPS RR crash - asyn-thread: fix the returned bitmask from Curl_resolver_getsock - asyn-thread: survive a c-ares channel set to NULL - cmake: always reference OpenSSL and ZLIB via imported targets - cmake: respect 'GNUTLS_CFLAGS' when detected via 'pkg-config' - cmake: respect 'GNUTLS_LIBRARY_DIRS' in 'libcurl.pc' and 'curl-config' - content_encoding: #error on too old zlib - imap: TLS upgrade fix - ldap: drop support for legacy Novell LDAP SDK - libssh2: comparison is always true because rc <= -1 - libssh2: raise lowest supported version to 1.2.8 - libssh: drop support for libssh older than 0.9.0 - openssl-quic: ignore ciphers for h3 - pop3: TLS upgrade fix - runtests: fix the disabling of the memory tracking - runtests: quote commands to support paths with spaces - scache: add magic checks - smb: silence '-Warray-bounds' with gcc 13+ - smtp: TLS upgrade fix - tool_cfgable: sort struct fields by size, use bitfields for booleans - tool_getparam: add 'TLS required' flag for each such option - vtls: fix multissl-init - wakeup_write: make sure the eventfd write sends eight bytes Update to 8.12.0: * Security fixes: - [bsc#1234068, CVE-2024-11053] curl could leak the password used for the first host to the followed-to host under certain circumstances. - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry - [bsc#1236589, CVE-2025-0665] eventfd double close * Changes: - curl: add byte range support to --variable reading from file - curl: make --etag-save acknowledge --create-dirs - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var - getinfo: provide info which auth was used for HTTP and proxy - hyper: drop support - openssl: add support to use keys and certificates from PKCS#11 provider - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA - vtls: feature ssls-export for SSL session im-/export * Bugfixes: - altsvc: avoid integer overflow in expire calculation - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL - asyn-ares: fix memory leak - asyn-ares: initial HTTPS resolve support - asyn-thread: use c-ares to resolve HTTPS RR - async-thread: avoid closing eventfd twice - cd2nroff: do not insist on quoted <> within backticks - cd2nroff: support 'none' as a TLS backend - conncache: count shutdowns against host and max limits - content_encoding: drop support for zlib before 1.2.0.4 - content_encoding: namespace GZIP flag constants - content_encoding: put the decomp buffers into the writer structs - content_encoding: support use of custom libzstd memory functions - cookie: cap expire times to 400 days - cookie: parse only the exact expire date - curl: return error if etag options are used with multiple URLs - curl_multi_fdset: include the shutdown connections in the set - curl_sha512_256: rename symbols to the curl namespace - curl_url_set.md: adjust the added-in to 7.62.0 - doh: send HTTPS RR requests for all HTTP(S) transfers - easy: allow connect-only handle reuse with easy_perform - easy: make curl_easy_perform() return error if connection still there - easy_lock: use Sleep(1) for thread yield on old Windows - ECH: update APIs to those agreed with OpenSSL maintainers - GnuTLS: fix 'time_appconnect' for early data - HTTP/2: strip TE request header - http2: fix data_pending check - http2: fix value stored to 'result' is never read - http: ignore invalid Retry-After times - http_aws_sigv4: Fix invalid compare function handling zero-length pairs - https-connect: start next immediately on failure - lib: redirect handling by protocol handler - multi: fix curl_multi_waitfds reporting of fd_count - netrc: 'default' with no credentials is not a match - netrc: fix password-only entries - netrc: restore _netrc fallback logic - ngtcp2: fix memory leak on connect failure - openssl: define `HAVE_KEYLOG_CALLBACK` before use - openssl: fix ECH logic - osslq: use SSL_poll to determine writeability of QUIC streams - sectransp: free certificate on error - select: avoid a NULL deref in cwfds_add_sock - src: omit hugehelp and ca-embed from libcurltool - ssl session cache: change cache dimensions - system.h: add 64-bit curl_off_t definitions for NonStop - telnet: handle single-byte input option - TLS: check connection for SSL use, not handler - tool_formparse.c: make curlx_uztoso a static in here - tool_formparse: accept digits in --form type= strings - tool_getparam: ECH param parsing refix - tool_getparam: fail --hostpubsha256 if libssh2 is not used - tool_getparam: fix 'Ignored Return Value' - tool_getparam: fix memory leak on error in parse_ech - tool_getparam: fix the ECH parser - tool_operate: make --etag-compare always accept a non-existing file - transfer: fix CURLOPT_CURLU override logic - urlapi: fix redirect to a new fragment or query (only) - vquic: make vquic_send_packets not return without setting psent - vtls: fix default SSL backend as a fallback - vtls: only remember the expiry timestamp in session cache - websocket: fix message send corruption - x509asn1: add parse recursion limit Update to 8.11.1: * Security fixes: - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053] * Bugfixes: - build: fix ECH to always enable HTTPS RR - cookie: treat cookie name case sensitively - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected - curl: use realtime in trace timestamps - digest: produce a shorter cnonce in Digest headers - docs: document default 'User-Agent' - docs: suggest --ssl-reqd instead of --ftp-ssl - duphandle: also init netrc - hostip: don't use the resolver for FQDN localhost - http_negotiate: allow for a one byte larger channel binding buffer - krb5: fix socket/sockindex confusion, MSVC compiler warnings - libssh: use libssh sftp_aio to upload file - libssh: when using IPv6 numerical address, add brackets - mime: fix reader stall on small read lengths - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions - mprintf: fix the integer overflow checks - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when... - netrc: address several netrc parser flaws - netrc: support large file, longer lines, longer tokens - nghttp2: use custom memory functions - OpenSSL: improvde error message on expired certificate - openssl: remove three 'Useless Assignments' - openssl: stop using SSL_CTX_ function prefix for our functions - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS - rtsp: check EOS in the RTSP receive and return an error code - schannel: remove TLS 1.3 ciphersuite-list support - setopt: fix CURLOPT_HTTP_CONTENT_DECODING - setopt: fix missing options for builds without HTTP & MQTT - socket: handle binding to 'host!' - socketpair: fix enabling 'USE_EVENTFD' - strtok: use namespaced 'strtok_r' macro instead of redefining it Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] - curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support 'implied LWS' properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly - libssh2: use the filename buffer when getting the homedir - multi.c: warn/assert on stall only without timer - negotiate: conditional check around GSS & SSL specific code - netrc: cache the netrc file in memory - ngtcp2: do not loop on recv - ngtcp2: set max window size to 10x of initial (128KB) - openssl quic: populate x509 store before handshake - openssl: extend the OpenSSL error messages - openssl: improve retries on shutdown - quic: use send/recvmmsg when available - schannel: fix TLS cert verification by IP SAN - schannel: ignore error on recv beyond close notify - select: use poll() if existing, avoid poll() with no sockets - sendf: add condition to max-filesize check - server/mqttd: fix two memory leaks - setopt: return error for bad input to CURLOPT_RTSP_REQUEST - setopt_cptr: make overflow check only done when needed - tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED - tool: support --show-headers AND --remote-header-name - tool_operate: make --skip-existing work for --parallel - url: connection reuse on h3 connections - url: use same credentials on redirect - urlapi: normalize the IPv6 address - version: say quictls in MSH3 builds - vquic: fix compiler warning with gcc + MUSL - vquic: recv_mmsg, use fewer, but larger buffers - vtls: convert Curl_pin_peer_pubkey to use dynbuf - vtls: convert pubkey_pem_to_der to use dynbuf Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use 'curl_response' if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param Update to version 8.10.0: * Security fixes: - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS * Changes: - curl: make --rate accept 'number of units' - curl: make --show-headers the same as --include - curl: support --dump-header % to direct to stderr - curl: support embedding a CA bundle and --dump-ca-embed - curl: support repeated use of the verbose option; -vv etc - curl: use libuv for parallel transfers with --test-event - vtls: stop offering alpn http/1.1 for http2-prior-knowledge * Bugfixes: - curl: allow 500MB data URL encode strings - curl: warn on unsupported SSL options - Curl_rand_bytes to control env override - curl_sha512_256: fix symbol collisions with nettle library - dist: fix reproducible build from release tarball - http2: fix GOAWAY message sent to server - http2: improve rate limiting of downloads - INSTALL.md: MultiSSL and QUIC are mutually exclusive - lib: add eos flag to send methods - lib: make SSPI global symbols use Curl_ prefix - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name - lib: remove the final strncpy() calls - lib: remove use of RANDOM_FILE - Makefile.mk: fixup enabling libidn2 - max-filesize.md: mention zero disables the limit - mime: avoid inifite loop in client reader - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks - openssl quic: fix memory leak - openssl: certinfo errors now fail correctly - openssl: fix the data race when sharing an SSL session between threads - openssl: improve shutdown handling - POP3: fix multi-line responses - pop3: use the protocol handler ->write_resp - progress: ratelimit/progress tweaks - rand: only provide weak random when needed - sectransp: fix setting tls version - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL - sigpipe: init the struct so that first apply ignores - smb: convert superflous assign into assert - smtp: add tracing feature - spnego_gssapi: implement TLS channel bindings for openssl - src: delete `curlx_m*printf()` aliases - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) - tool_operhlp: fix 'potentially uninitialized local variable 'pc' used' - tool_paramhlp: bump maximum post data size in memory to 16GB - transfer: skip EOS read when download done - url: fix connection reuse for HTTP/2 upgrades - urlapi: verify URL *decoded* hostname when set - urldata: introduce `data->mid`, a unique identifier inside a multi - vtls: add SSLSUPP_CIPHER_LIST - vtls: fix static function name collisions between TLS backends - vtls: init ssl peer only once - websocket: introduce blocking sends - ws: flags to opcodes should ignore CURLWS_CONT flag - x509asn1: raise size limit for x509 certification information The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.11 updated - libcurl4-8.12.1-slfo.1.1_1.1 updated - curl-8.12.1-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-4.10 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:08:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:08:34 +0100 (CET) Subject: SUSE-IU-2025:752-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250314080834.0F335FDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:752-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.9 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.9 Severity : moderate Type : security References : 1221289 1229930 1229931 1229932 1230093 1232528 1234068 1236589 CVE-2024-11053 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096 CVE-2024-9681 CVE-2025-0665 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 44 Released: Thu Mar 13 11:37:02 2025 Summary: Security update for curl Type: security Severity: moderate References: 1221289,1229930,1229931,1229932,1230093,1232528,1234068,1236589,CVE-2024-11053,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-8096,CVE-2024-9681,CVE-2025-0665 This update for curl fixes the following issues: Update to 8.12.1: * Bugfixes: - asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR' - asyn-thread: fix HTTPS RR crash - asyn-thread: fix the returned bitmask from Curl_resolver_getsock - asyn-thread: survive a c-ares channel set to NULL - cmake: always reference OpenSSL and ZLIB via imported targets - cmake: respect 'GNUTLS_CFLAGS' when detected via 'pkg-config' - cmake: respect 'GNUTLS_LIBRARY_DIRS' in 'libcurl.pc' and 'curl-config' - content_encoding: #error on too old zlib - imap: TLS upgrade fix - ldap: drop support for legacy Novell LDAP SDK - libssh2: comparison is always true because rc <= -1 - libssh2: raise lowest supported version to 1.2.8 - libssh: drop support for libssh older than 0.9.0 - openssl-quic: ignore ciphers for h3 - pop3: TLS upgrade fix - runtests: fix the disabling of the memory tracking - runtests: quote commands to support paths with spaces - scache: add magic checks - smb: silence '-Warray-bounds' with gcc 13+ - smtp: TLS upgrade fix - tool_cfgable: sort struct fields by size, use bitfields for booleans - tool_getparam: add 'TLS required' flag for each such option - vtls: fix multissl-init - wakeup_write: make sure the eventfd write sends eight bytes Update to 8.12.0: * Security fixes: - [bsc#1234068, CVE-2024-11053] curl could leak the password used for the first host to the followed-to host under certain circumstances. - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry - [bsc#1236589, CVE-2025-0665] eventfd double close * Changes: - curl: add byte range support to --variable reading from file - curl: make --etag-save acknowledge --create-dirs - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var - getinfo: provide info which auth was used for HTTP and proxy - hyper: drop support - openssl: add support to use keys and certificates from PKCS#11 provider - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA - vtls: feature ssls-export for SSL session im-/export * Bugfixes: - altsvc: avoid integer overflow in expire calculation - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL - asyn-ares: fix memory leak - asyn-ares: initial HTTPS resolve support - asyn-thread: use c-ares to resolve HTTPS RR - async-thread: avoid closing eventfd twice - cd2nroff: do not insist on quoted <> within backticks - cd2nroff: support 'none' as a TLS backend - conncache: count shutdowns against host and max limits - content_encoding: drop support for zlib before 1.2.0.4 - content_encoding: namespace GZIP flag constants - content_encoding: put the decomp buffers into the writer structs - content_encoding: support use of custom libzstd memory functions - cookie: cap expire times to 400 days - cookie: parse only the exact expire date - curl: return error if etag options are used with multiple URLs - curl_multi_fdset: include the shutdown connections in the set - curl_sha512_256: rename symbols to the curl namespace - curl_url_set.md: adjust the added-in to 7.62.0 - doh: send HTTPS RR requests for all HTTP(S) transfers - easy: allow connect-only handle reuse with easy_perform - easy: make curl_easy_perform() return error if connection still there - easy_lock: use Sleep(1) for thread yield on old Windows - ECH: update APIs to those agreed with OpenSSL maintainers - GnuTLS: fix 'time_appconnect' for early data - HTTP/2: strip TE request header - http2: fix data_pending check - http2: fix value stored to 'result' is never read - http: ignore invalid Retry-After times - http_aws_sigv4: Fix invalid compare function handling zero-length pairs - https-connect: start next immediately on failure - lib: redirect handling by protocol handler - multi: fix curl_multi_waitfds reporting of fd_count - netrc: 'default' with no credentials is not a match - netrc: fix password-only entries - netrc: restore _netrc fallback logic - ngtcp2: fix memory leak on connect failure - openssl: define `HAVE_KEYLOG_CALLBACK` before use - openssl: fix ECH logic - osslq: use SSL_poll to determine writeability of QUIC streams - sectransp: free certificate on error - select: avoid a NULL deref in cwfds_add_sock - src: omit hugehelp and ca-embed from libcurltool - ssl session cache: change cache dimensions - system.h: add 64-bit curl_off_t definitions for NonStop - telnet: handle single-byte input option - TLS: check connection for SSL use, not handler - tool_formparse.c: make curlx_uztoso a static in here - tool_formparse: accept digits in --form type= strings - tool_getparam: ECH param parsing refix - tool_getparam: fail --hostpubsha256 if libssh2 is not used - tool_getparam: fix 'Ignored Return Value' - tool_getparam: fix memory leak on error in parse_ech - tool_getparam: fix the ECH parser - tool_operate: make --etag-compare always accept a non-existing file - transfer: fix CURLOPT_CURLU override logic - urlapi: fix redirect to a new fragment or query (only) - vquic: make vquic_send_packets not return without setting psent - vtls: fix default SSL backend as a fallback - vtls: only remember the expiry timestamp in session cache - websocket: fix message send corruption - x509asn1: add parse recursion limit Update to 8.11.1: * Security fixes: - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053] * Bugfixes: - build: fix ECH to always enable HTTPS RR - cookie: treat cookie name case sensitively - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected - curl: use realtime in trace timestamps - digest: produce a shorter cnonce in Digest headers - docs: document default 'User-Agent' - docs: suggest --ssl-reqd instead of --ftp-ssl - duphandle: also init netrc - hostip: don't use the resolver for FQDN localhost - http_negotiate: allow for a one byte larger channel binding buffer - krb5: fix socket/sockindex confusion, MSVC compiler warnings - libssh: use libssh sftp_aio to upload file - libssh: when using IPv6 numerical address, add brackets - mime: fix reader stall on small read lengths - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions - mprintf: fix the integer overflow checks - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when... - netrc: address several netrc parser flaws - netrc: support large file, longer lines, longer tokens - nghttp2: use custom memory functions - OpenSSL: improvde error message on expired certificate - openssl: remove three 'Useless Assignments' - openssl: stop using SSL_CTX_ function prefix for our functions - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS - rtsp: check EOS in the RTSP receive and return an error code - schannel: remove TLS 1.3 ciphersuite-list support - setopt: fix CURLOPT_HTTP_CONTENT_DECODING - setopt: fix missing options for builds without HTTP & MQTT - socket: handle binding to 'host!' - socketpair: fix enabling 'USE_EVENTFD' - strtok: use namespaced 'strtok_r' macro instead of redefining it Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] - curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support 'implied LWS' properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly - libssh2: use the filename buffer when getting the homedir - multi.c: warn/assert on stall only without timer - negotiate: conditional check around GSS & SSL specific code - netrc: cache the netrc file in memory - ngtcp2: do not loop on recv - ngtcp2: set max window size to 10x of initial (128KB) - openssl quic: populate x509 store before handshake - openssl: extend the OpenSSL error messages - openssl: improve retries on shutdown - quic: use send/recvmmsg when available - schannel: fix TLS cert verification by IP SAN - schannel: ignore error on recv beyond close notify - select: use poll() if existing, avoid poll() with no sockets - sendf: add condition to max-filesize check - server/mqttd: fix two memory leaks - setopt: return error for bad input to CURLOPT_RTSP_REQUEST - setopt_cptr: make overflow check only done when needed - tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED - tool: support --show-headers AND --remote-header-name - tool_operate: make --skip-existing work for --parallel - url: connection reuse on h3 connections - url: use same credentials on redirect - urlapi: normalize the IPv6 address - version: say quictls in MSH3 builds - vquic: fix compiler warning with gcc + MUSL - vquic: recv_mmsg, use fewer, but larger buffers - vtls: convert Curl_pin_peer_pubkey to use dynbuf - vtls: convert pubkey_pem_to_der to use dynbuf Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use 'curl_response' if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param Update to version 8.10.0: * Security fixes: - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS * Changes: - curl: make --rate accept 'number of units' - curl: make --show-headers the same as --include - curl: support --dump-header % to direct to stderr - curl: support embedding a CA bundle and --dump-ca-embed - curl: support repeated use of the verbose option; -vv etc - curl: use libuv for parallel transfers with --test-event - vtls: stop offering alpn http/1.1 for http2-prior-knowledge * Bugfixes: - curl: allow 500MB data URL encode strings - curl: warn on unsupported SSL options - Curl_rand_bytes to control env override - curl_sha512_256: fix symbol collisions with nettle library - dist: fix reproducible build from release tarball - http2: fix GOAWAY message sent to server - http2: improve rate limiting of downloads - INSTALL.md: MultiSSL and QUIC are mutually exclusive - lib: add eos flag to send methods - lib: make SSPI global symbols use Curl_ prefix - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name - lib: remove the final strncpy() calls - lib: remove use of RANDOM_FILE - Makefile.mk: fixup enabling libidn2 - max-filesize.md: mention zero disables the limit - mime: avoid inifite loop in client reader - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks - openssl quic: fix memory leak - openssl: certinfo errors now fail correctly - openssl: fix the data race when sharing an SSL session between threads - openssl: improve shutdown handling - POP3: fix multi-line responses - pop3: use the protocol handler ->write_resp - progress: ratelimit/progress tweaks - rand: only provide weak random when needed - sectransp: fix setting tls version - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL - sigpipe: init the struct so that first apply ignores - smb: convert superflous assign into assert - smtp: add tracing feature - spnego_gssapi: implement TLS channel bindings for openssl - src: delete `curlx_m*printf()` aliases - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) - tool_operhlp: fix 'potentially uninitialized local variable 'pc' used' - tool_paramhlp: bump maximum post data size in memory to 16GB - transfer: skip EOS read when download done - url: fix connection reuse for HTTP/2 upgrades - urlapi: verify URL *decoded* hostname when set - urldata: introduce `data->mid`, a unique identifier inside a multi - vtls: add SSLSUPP_CIPHER_LIST - vtls: fix static function name collisions between TLS backends - vtls: init ssl peer only once - websocket: introduce blocking sends - ws: flags to opcodes should ignore CURLWS_CONT flag - x509asn1: raise size limit for x509 certification information The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.11 updated - libcurl4-8.12.1-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.10 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:08:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:08:47 +0100 (CET) Subject: SUSE-IU-2025:753-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250314080847.8B23FFDD1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:753-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.10 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.10 Severity : moderate Type : security References : 1221289 1229930 1229931 1229932 1230093 1232528 1234068 1236589 CVE-2024-11053 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096 CVE-2024-9681 CVE-2025-0665 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 44 Released: Thu Mar 13 11:37:02 2025 Summary: Security update for curl Type: security Severity: moderate References: 1221289,1229930,1229931,1229932,1230093,1232528,1234068,1236589,CVE-2024-11053,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-8096,CVE-2024-9681,CVE-2025-0665 This update for curl fixes the following issues: Update to 8.12.1: * Bugfixes: - asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR' - asyn-thread: fix HTTPS RR crash - asyn-thread: fix the returned bitmask from Curl_resolver_getsock - asyn-thread: survive a c-ares channel set to NULL - cmake: always reference OpenSSL and ZLIB via imported targets - cmake: respect 'GNUTLS_CFLAGS' when detected via 'pkg-config' - cmake: respect 'GNUTLS_LIBRARY_DIRS' in 'libcurl.pc' and 'curl-config' - content_encoding: #error on too old zlib - imap: TLS upgrade fix - ldap: drop support for legacy Novell LDAP SDK - libssh2: comparison is always true because rc <= -1 - libssh2: raise lowest supported version to 1.2.8 - libssh: drop support for libssh older than 0.9.0 - openssl-quic: ignore ciphers for h3 - pop3: TLS upgrade fix - runtests: fix the disabling of the memory tracking - runtests: quote commands to support paths with spaces - scache: add magic checks - smb: silence '-Warray-bounds' with gcc 13+ - smtp: TLS upgrade fix - tool_cfgable: sort struct fields by size, use bitfields for booleans - tool_getparam: add 'TLS required' flag for each such option - vtls: fix multissl-init - wakeup_write: make sure the eventfd write sends eight bytes Update to 8.12.0: * Security fixes: - [bsc#1234068, CVE-2024-11053] curl could leak the password used for the first host to the followed-to host under certain circumstances. - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry - [bsc#1236589, CVE-2025-0665] eventfd double close * Changes: - curl: add byte range support to --variable reading from file - curl: make --etag-save acknowledge --create-dirs - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var - getinfo: provide info which auth was used for HTTP and proxy - hyper: drop support - openssl: add support to use keys and certificates from PKCS#11 provider - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA - vtls: feature ssls-export for SSL session im-/export * Bugfixes: - altsvc: avoid integer overflow in expire calculation - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL - asyn-ares: fix memory leak - asyn-ares: initial HTTPS resolve support - asyn-thread: use c-ares to resolve HTTPS RR - async-thread: avoid closing eventfd twice - cd2nroff: do not insist on quoted <> within backticks - cd2nroff: support 'none' as a TLS backend - conncache: count shutdowns against host and max limits - content_encoding: drop support for zlib before 1.2.0.4 - content_encoding: namespace GZIP flag constants - content_encoding: put the decomp buffers into the writer structs - content_encoding: support use of custom libzstd memory functions - cookie: cap expire times to 400 days - cookie: parse only the exact expire date - curl: return error if etag options are used with multiple URLs - curl_multi_fdset: include the shutdown connections in the set - curl_sha512_256: rename symbols to the curl namespace - curl_url_set.md: adjust the added-in to 7.62.0 - doh: send HTTPS RR requests for all HTTP(S) transfers - easy: allow connect-only handle reuse with easy_perform - easy: make curl_easy_perform() return error if connection still there - easy_lock: use Sleep(1) for thread yield on old Windows - ECH: update APIs to those agreed with OpenSSL maintainers - GnuTLS: fix 'time_appconnect' for early data - HTTP/2: strip TE request header - http2: fix data_pending check - http2: fix value stored to 'result' is never read - http: ignore invalid Retry-After times - http_aws_sigv4: Fix invalid compare function handling zero-length pairs - https-connect: start next immediately on failure - lib: redirect handling by protocol handler - multi: fix curl_multi_waitfds reporting of fd_count - netrc: 'default' with no credentials is not a match - netrc: fix password-only entries - netrc: restore _netrc fallback logic - ngtcp2: fix memory leak on connect failure - openssl: define `HAVE_KEYLOG_CALLBACK` before use - openssl: fix ECH logic - osslq: use SSL_poll to determine writeability of QUIC streams - sectransp: free certificate on error - select: avoid a NULL deref in cwfds_add_sock - src: omit hugehelp and ca-embed from libcurltool - ssl session cache: change cache dimensions - system.h: add 64-bit curl_off_t definitions for NonStop - telnet: handle single-byte input option - TLS: check connection for SSL use, not handler - tool_formparse.c: make curlx_uztoso a static in here - tool_formparse: accept digits in --form type= strings - tool_getparam: ECH param parsing refix - tool_getparam: fail --hostpubsha256 if libssh2 is not used - tool_getparam: fix 'Ignored Return Value' - tool_getparam: fix memory leak on error in parse_ech - tool_getparam: fix the ECH parser - tool_operate: make --etag-compare always accept a non-existing file - transfer: fix CURLOPT_CURLU override logic - urlapi: fix redirect to a new fragment or query (only) - vquic: make vquic_send_packets not return without setting psent - vtls: fix default SSL backend as a fallback - vtls: only remember the expiry timestamp in session cache - websocket: fix message send corruption - x509asn1: add parse recursion limit Update to 8.11.1: * Security fixes: - netrc and redirect credential leak [bsc#1234068, CVE-2024-11053] * Bugfixes: - build: fix ECH to always enable HTTPS RR - cookie: treat cookie name case sensitively - curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected - curl: use realtime in trace timestamps - digest: produce a shorter cnonce in Digest headers - docs: document default 'User-Agent' - docs: suggest --ssl-reqd instead of --ftp-ssl - duphandle: also init netrc - hostip: don't use the resolver for FQDN localhost - http_negotiate: allow for a one byte larger channel binding buffer - krb5: fix socket/sockindex confusion, MSVC compiler warnings - libssh: use libssh sftp_aio to upload file - libssh: when using IPv6 numerical address, add brackets - mime: fix reader stall on small read lengths - mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions - mprintf: fix the integer overflow checks - multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when... - netrc: address several netrc parser flaws - netrc: support large file, longer lines, longer tokens - nghttp2: use custom memory functions - OpenSSL: improvde error message on expired certificate - openssl: remove three 'Useless Assignments' - openssl: stop using SSL_CTX_ function prefix for our functions - pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS - rtsp: check EOS in the RTSP receive and return an error code - schannel: remove TLS 1.3 ciphersuite-list support - setopt: fix CURLOPT_HTTP_CONTENT_DECODING - setopt: fix missing options for builds without HTTP & MQTT - socket: handle binding to 'host!' - socketpair: fix enabling 'USE_EVENTFD' - strtok: use namespaced 'strtok_r' macro instead of redefining it Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] - curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support 'implied LWS' properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly - libssh2: use the filename buffer when getting the homedir - multi.c: warn/assert on stall only without timer - negotiate: conditional check around GSS & SSL specific code - netrc: cache the netrc file in memory - ngtcp2: do not loop on recv - ngtcp2: set max window size to 10x of initial (128KB) - openssl quic: populate x509 store before handshake - openssl: extend the OpenSSL error messages - openssl: improve retries on shutdown - quic: use send/recvmmsg when available - schannel: fix TLS cert verification by IP SAN - schannel: ignore error on recv beyond close notify - select: use poll() if existing, avoid poll() with no sockets - sendf: add condition to max-filesize check - server/mqttd: fix two memory leaks - setopt: return error for bad input to CURLOPT_RTSP_REQUEST - setopt_cptr: make overflow check only done when needed - tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED - tool: support --show-headers AND --remote-header-name - tool_operate: make --skip-existing work for --parallel - url: connection reuse on h3 connections - url: use same credentials on redirect - urlapi: normalize the IPv6 address - version: say quictls in MSH3 builds - vquic: fix compiler warning with gcc + MUSL - vquic: recv_mmsg, use fewer, but larger buffers - vtls: convert Curl_pin_peer_pubkey to use dynbuf - vtls: convert pubkey_pem_to_der to use dynbuf Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use 'curl_response' if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param Update to version 8.10.0: * Security fixes: - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS * Changes: - curl: make --rate accept 'number of units' - curl: make --show-headers the same as --include - curl: support --dump-header % to direct to stderr - curl: support embedding a CA bundle and --dump-ca-embed - curl: support repeated use of the verbose option; -vv etc - curl: use libuv for parallel transfers with --test-event - vtls: stop offering alpn http/1.1 for http2-prior-knowledge * Bugfixes: - curl: allow 500MB data URL encode strings - curl: warn on unsupported SSL options - Curl_rand_bytes to control env override - curl_sha512_256: fix symbol collisions with nettle library - dist: fix reproducible build from release tarball - http2: fix GOAWAY message sent to server - http2: improve rate limiting of downloads - INSTALL.md: MultiSSL and QUIC are mutually exclusive - lib: add eos flag to send methods - lib: make SSPI global symbols use Curl_ prefix - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name - lib: remove the final strncpy() calls - lib: remove use of RANDOM_FILE - Makefile.mk: fixup enabling libidn2 - max-filesize.md: mention zero disables the limit - mime: avoid inifite loop in client reader - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks - openssl quic: fix memory leak - openssl: certinfo errors now fail correctly - openssl: fix the data race when sharing an SSL session between threads - openssl: improve shutdown handling - POP3: fix multi-line responses - pop3: use the protocol handler ->write_resp - progress: ratelimit/progress tweaks - rand: only provide weak random when needed - sectransp: fix setting tls version - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL - sigpipe: init the struct so that first apply ignores - smb: convert superflous assign into assert - smtp: add tracing feature - spnego_gssapi: implement TLS channel bindings for openssl - src: delete `curlx_m*printf()` aliases - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) - tool_operhlp: fix 'potentially uninitialized local variable 'pc' used' - tool_paramhlp: bump maximum post data size in memory to 16GB - transfer: skip EOS read when download done - url: fix connection reuse for HTTP/2 upgrades - urlapi: verify URL *decoded* hostname when set - urldata: introduce `data->mid`, a unique identifier inside a multi - vtls: add SSLSUPP_CIPHER_LIST - vtls: fix static function name collisions between TLS backends - vtls: init ssl peer only once - websocket: introduce blocking sends - ws: flags to opcodes should ignore CURLWS_CONT flag - x509asn1: raise size limit for x509 certification information The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.11 updated - libcurl4-8.12.1-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.0-4.11 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:12:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:12:44 +0100 (CET) Subject: SUSE-CU-2025:1807-1: Recommended update of suse/rmt-server Message-ID: <20250314081244.7EEE5FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1807-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.8 , suse/rmt-server:latest Container Release : 37.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - timezone-2025a-150600.91.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated From sle-container-updates at lists.suse.com Fri Mar 14 08:12:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Mar 2025 09:12:26 +0100 (CET) Subject: SUSE-CU-2025:1806-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250314081226.2D948FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1806-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.9 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.9 Severity : important Type : security References : 1012628 1215199 1219367 1222672 1222803 1225606 1225742 1225981 1227937 1228521 1230235 1230438 1230439 1230497 1231432 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232508 1232520 1232919 1233028 1233109 1233483 1233749 1234070 1234853 1234857 1234891 1234894 1234895 1234896 1234963 1235032 1235054 1235061 1235073 1235435 1235485 1235592 1235599 1235609 1235932 1235933 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236573 1236575 1236576 1236591 1236661 1236677 1236681 1236682 1236684 1236689 1236700 1236702 1236752 1236759 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237232 1237234 1237325 1237356 1237415 1237452 1237504 1237521 1237558 1237562 1237563 1237848 1237849 1237879 1237889 1237891 1237901 1237950 1238214 1238303 1238347 1238368 1238509 1238525 1238570 1238739 1238751 1238753 1238759 1238860 1238863 1238877 CVE-2023-52924 CVE-2023-52925 CVE-2024-26708 CVE-2024-26810 CVE-2024-40980 CVE-2024-41055 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-47701 CVE-2024-49884 CVE-2024-49950 CVE-2024-50029 CVE-2024-50036 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50142 CVE-2024-50185 CVE-2024-50294 CVE-2024-53123 CVE-2024-53147 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56568 CVE-2024-56579 CVE-2024-56605 CVE-2024-56633 CVE-2024-56647 CVE-2024-56720 CVE-2024-57889 CVE-2024-57948 CVE-2024-57994 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21665 CVE-2025-21667 CVE-2025-21668 CVE-2025-21673 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21705 CVE-2025-21715 CVE-2025-21716 CVE-2025-21719 CVE-2025-21724 CVE-2025-21725 CVE-2025-21728 CVE-2025-21767 CVE-2025-21790 CVE-2025-21795 CVE-2025-21799 CVE-2025-21802 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:856-1 Released: Thu Mar 13 16:46:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1215199,1219367,1222672,1222803,1225606,1225742,1225981,1227937,1228521,1230235,1230438,1230439,1230497,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232508,1232520,1232919,1233028,1233109,1233483,1233749,1234070,1234853,1234857,1234891,1234894,1234895,1234896,1234963,1235032,1235054,1235061,1235073,1235435,1235485,1235592,1235599,1235609,1235932,1235933,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236573,1236575,1236576,1236591,1236661,1236677,1236681,1236682,1236684,1236689,1236700,1236702,1236752,1236759,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237232,1237234,1237325,1237356,1237415,1237452,1237504,1237521,1237558,1237562,1237563,1237848,1237849,1237879,1237889,1237891,1237901,1237950,1238214,1238303,1238347,1238368,1238509,1238525,1238570,1238739,1238751,1238753,1238759,1238860,1238863,1238877,C VE-2023-52924,CVE-2023-52925,CVE-2024-26708,CVE-2024-26810,CVE-2024-40980,CVE-2024-41055,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-47701,CVE-2024-49884,CVE-2024-49950,CVE-2024-50029,CVE-2024-50036,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50142,CVE-2024-50185,CVE-2024-50294,CVE-2024-53123,CVE-2024-53147,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56568,CVE-2024-56579,CVE-2024-56605,CVE-2024-56633,CVE-2024-56647,CVE-2024-56720,CVE-2024-57889,CVE-2024-57948,CVE-2024-57994,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21665,CVE-2025-21667,CVE-2025-21668,CVE-2025-21673,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21705,CVE-2025-21715,CVE-2025-21716,CVE-2025-21719,CVE-2025-21724,CVE-2025-21725,CVE-2025 -21728,CVE-2025-21767,CVE-2025-21790,CVE-2025-21795,CVE-2025-21799,CVE-2025-21802 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - packaging: Turn gcc version into config.sh variable. - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). The following package changes have been done: - kernel-default-6.4.0-150600.23.42.2 updated From sle-container-updates at lists.suse.com Sat Mar 15 08:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Mar 2025 09:03:42 +0100 (CET) Subject: SUSE-IU-2025:757-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250315080342.2504BFB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:757-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.12 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 242 Released: Fri Mar 14 07:30:21 2025 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Update to version 3.6 (jsc#PED-8647): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support. * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules. * Added bash completion. * Decode HPE OEM records 197, 239 and 245. * Implement options --list-strings and --list-types. * Update HPE OEM records 203, 212, 216, 221, 233, 236, 238 and 242. * Update Redfish support. * Bug fixes: Fix enabled slot characteristics not being printed * Minor improvements: Print slot width on its own line Use standard strings for slot width - Update for HPE servers from upstream: * Decode PCI bus segment in HPE type 238 records. The following package changes have been done: - dmidecode-3.6-1.1 updated From sle-container-updates at lists.suse.com Tue Mar 18 08:03:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Mar 2025 09:03:31 +0100 (CET) Subject: SUSE-CU-2025:1829-1: Security update of containers/open-webui Message-ID: <20250318080331.4100AFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1829-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.2 Container Release : 9.2 Severity : important Type : security References : 1202848 1215945 1223070 1223235 1223256 1223272 1223304 1223437 1227296 1229026 1229338 1234028 1235092 1236007 1237351 1237358 1237371 1237382 CVE-2023-49502 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-12361 CVE-2024-31578 CVE-2024-32230 CVE-2024-35368 CVE-2024-36613 CVE-2024-7055 CVE-2025-0518 CVE-2025-22919 CVE-2025-22921 CVE-2025-25473 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:862-1 Released: Fri Mar 14 09:45:29 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1202848,1215945,1223070,1223235,1223256,1223272,1223304,1223437,1227296,1229026,1229338,1234028,1235092,1236007,1237351,1237358,1237371,1237382,CVE-2023-49502,CVE-2023-50010,CVE-2023-51793,CVE-2023-51794,CVE-2023-51798,CVE-2024-12361,CVE-2024-31578,CVE-2024-32230,CVE-2024-35368,CVE-2024-36613,CVE-2024-7055,CVE-2025-0518,CVE-2025-22919,CVE-2025-22921,CVE-2025-25473 This update for ffmpeg-4 fixes the following issues: - CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382). - CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351). - CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007). - CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371). - CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358). - CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028). - CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092). - CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256). - CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437). - CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). - CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235). - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304). - CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070). - CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026). - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296). Other fixes: - Updated to version 4.4.5. The following package changes have been done: - opencv4-cascades-data-4.11.0-150600.1.4 updated - libSDL2-2_0-0-2.28.5-150600.1.4 added - libzvbi0-0.2.35-2.22 added - python311-rapidocr-onnxruntime-1.3.24-150600.1.16 updated - libavutil56_70-4.4.5-150600.13.16.1 updated - python311-torch-2.5.0-150600.1.13 updated - libswscale5_9-4.4.5-150600.13.16.1 updated - libswresample3_9-4.4.5-150600.13.16.1 updated - libpostproc55_9-4.4.5-150600.13.16.1 updated - libavresample4_0-4.4.5-150600.13.16.1 updated - libavcodec58_134-4.4.5-150600.13.16.1 updated - python311-fpdf2-2.8.2-150600.1.6 updated - libavformat58_76-4.4.5-150600.13.16.1 updated - libopencv411-4.11.0-150600.1.4 updated - libavfilter7_110-4.4.5-150600.13.16.1 updated - libopencv_objdetect411-4.11.0-150600.1.4 updated - libopencv_imgcodecs411-4.11.0-150600.1.4 updated - libavdevice58_13-4.4.5-150600.13.16.1 updated - libopencv_face411-4.11.0-150600.1.4 updated - libopencv_aruco411-4.11.0-150600.1.4 updated - libopencv_ximgproc411-4.11.0-150600.1.4 updated - python311-av-11.0.0-150600.1.16 updated - ffmpeg-4-4.4.5-150600.13.16.1 updated - libopencv_optflow411-4.11.0-150600.1.4 updated - libopencv_highgui411-4.11.0-150600.1.4 updated - python311-datasets-3.0.1-150600.1.23 updated - python311-pydub-0.25.1-150600.1.19 updated - libopencv_gapi411-4.11.0-150600.1.4 updated - python311-colbert-ai-0.2.21-150600.1.24 updated - libopencv_videoio411-4.11.0-150600.1.4 updated - python311-opencv-4.11.0-150600.1.4 updated - python311-open-webui-0.5.14-150600.1.3 updated - libcelt0-2-0.11.3-150000.3.5.1 removed - libvmaf1-2.2.0-150400.1.8 removed From sle-container-updates at lists.suse.com Tue Mar 18 08:07:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Mar 2025 09:07:51 +0100 (CET) Subject: SUSE-CU-2025:1831-1: Security update of bci/python Message-ID: <20250318080751.0A590FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1831-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.2 , bci/python:latest Container Release : 63.2 Severity : low Type : security References : 1238450 1239210 CVE-2025-1795 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:883-1 Released: Mon Mar 17 16:21:34 2025 Summary: Security update for python312 Type: security Severity: low References: 1238450,1239210,CVE-2025-1795 This update for python312 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). The following package changes have been done: - libpython3_12-1_0-3.12.9-150600.3.21.1 updated - python312-base-3.12.9-150600.3.21.1 updated - python312-3.12.9-150600.3.21.1 updated - python312-devel-3.12.9-150600.3.21.1 updated From sle-container-updates at lists.suse.com Tue Mar 18 08:10:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Mar 2025 09:10:26 +0100 (CET) Subject: SUSE-CU-2025:1834-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250318081026.1AE72FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1834-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.4 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.4 Severity : moderate Type : recommended References : 1237685 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:878-1 Released: Mon Mar 17 10:22:57 2025 Summary: Recommended update for python3-dmidecode Type: recommended Severity: moderate References: 1237685 This update for python3-dmidecode fixes the following issue: - Fix invalid log level error. (bsc#1237685) The following package changes have been done: - python3-dmidecode-3.12.3-150400.24.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 08:06:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 09:06:07 +0100 (CET) Subject: SUSE-CU-2025:1836-1: Recommended update of bci/rust Message-ID: <20250319080607.DFE75FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1836-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.1 , bci/rust:1.84.1-2.2.4 , bci/rust:oldstable , bci/rust:oldstable-2.2.4 Container Release : 2.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:900-1 Released: Tue Mar 18 10:47:35 2025 Summary: Recommended update for rust1.84 Type: recommended Severity: moderate References: This update for rust1.84 fixes the following issues: Version 1.84.1 (2025-01-30) ========================== - Fix ICE 132920 in duplicate-crate diagnostics. - Fix errors for overlapping impls in incremental rebuilds. - Fix slow compilation related to the next-generation trait solver. - Fix debuginfo when LLVM's location discriminator value limit is exceeded. - Fixes for building Rust from source: - Only try to distribute `llvm-objcopy` if llvm tools are enabled. - Add Profile Override for Non-Git Sources. - Resolve symlinks of LLVM tool binaries before copying them. - Make it possible to use ci-rustc on tarball sources. The following package changes have been done: - rust1.84-1.84.1-150300.7.7.1 updated - cargo1.84-1.84.1-150300.7.7.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:28:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:28:33 +0100 (CET) Subject: SUSE-IU-2025:759-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250319142833.BC53EFB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:759-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.153 , suse/sle-micro/base-5.5:latest Image Release : 5.8.153 Severity : important Type : recommended References : 1237865 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:934-1 Released: Wed Mar 19 11:08:10 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237865 This update for grub2 fixes the following issues: - Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865) The following package changes have been done: - grub2-2.06-150500.29.46.2 updated - grub2-i386-pc-2.06-150500.29.46.2 updated - grub2-x86_64-efi-2.06-150500.29.46.2 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:39:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:39:37 +0100 (CET) Subject: SUSE-CU-2025:1841-1: Recommended update of suse/cosign Message-ID: <20250319143938.0269EFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1841-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.33 , suse/cosign:latest Container Release : 8.33 Severity : moderate Type : recommended References : 1202870 1207789 1209627 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:40:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:40:10 +0100 (CET) Subject: SUSE-CU-2025:1842-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250319144010.D19FDFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1842-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.11 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.11 Severity : important Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 1237844 1237865 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:933-1 Released: Wed Mar 19 11:07:35 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237844,1237865 This update for grub2 fixes the following issues: - Fix 'zfs.mo not found' message when booting on legacy BIOS (bsc#1237865) - Upstream XFS fixes - Fix 'attempt to read of write outside of partition' error message (bsc#1237844) The following package changes have been done: - grub2-i386-pc-2.12-150600.8.21.2 updated - grub2-x86_64-efi-2.12-150600.8.21.2 updated - grub2-2.12-150600.8.21.2 updated - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:40:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:40:27 +0100 (CET) Subject: SUSE-CU-2025:1843-1: Recommended update of bci/bci-minimal Message-ID: <20250319144027.2CC69FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1843-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.32.7 , bci/bci-minimal:latest Container Release : 32.7 Severity : moderate Type : recommended References : 1202870 1207789 1209627 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 added From sle-container-updates at lists.suse.com Wed Mar 19 14:40:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:40:56 +0100 (CET) Subject: SUSE-CU-2025:1844-1: Recommended update of suse/postgres Message-ID: <20250319144056.4025EFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1844-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.5 Container Release : 61.5 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:41:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:41:07 +0100 (CET) Subject: SUSE-CU-2025:1845-1: Recommended update of suse/postgres Message-ID: <20250319144107.1AD99FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1845-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.5 , suse/postgres:latest Container Release : 42.5 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:41:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:41:29 +0100 (CET) Subject: SUSE-CU-2025:1846-1: Recommended update of suse/mariadb Message-ID: <20250319144129.EA075FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1846-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.25 , suse/mariadb:latest Container Release : 62.25 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:41:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:41:44 +0100 (CET) Subject: SUSE-CU-2025:1847-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144144.EF356FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1847-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:42:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:42:02 +0100 (CET) Subject: SUSE-CU-2025:1848-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144202.5CF15FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1848-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:42:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:42:19 +0100 (CET) Subject: SUSE-CU-2025:1849-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144219.6E0F1FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1849-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.41 Container Release : 62.41 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:42:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:42:35 +0100 (CET) Subject: SUSE-CU-2025:1850-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144235.9271DFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1850-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.42 Container Release : 62.42 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:42:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:42:51 +0100 (CET) Subject: SUSE-CU-2025:1851-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144251.6AA82FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1851-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.42 Container Release : 62.42 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:07 +0100 (CET) Subject: SUSE-CU-2025:1852-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144307.5BCF7FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1852-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.42 Container Release : 62.42 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:21 +0100 (CET) Subject: SUSE-CU-2025:1853-1: Recommended update of containers/apache-tomcat Message-ID: <20250319144321.3A365FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1853-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.42 Container Release : 62.42 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:50 +0100 (CET) Subject: SUSE-CU-2025:1854-1: Recommended update of suse/sle15 Message-ID: <20250319144350.0D7EAFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1854-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.18 , suse/sle15:15.6 , suse/sle15:15.6.47.20.18 Container Release : 47.20.18 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:51 +0100 (CET) Subject: SUSE-CU-2025:1855-1: Security update of suse/sles/15.7/cdi-apiserver Message-ID: <20250319144351.ED122FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1855-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.46 , suse/sles/15.7/cdi-apiserver:1.58.0.27.113 Container Release : 27.113 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - containerized-data-importer-api-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:54 +0100 (CET) Subject: SUSE-CU-2025:1857-1: Security update of suse/sles/15.7/cdi-controller Message-ID: <20250319144354.69B0CFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1857-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.46 , suse/sles/15.7/cdi-controller:1.58.0.27.113 Container Release : 27.113 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - containerized-data-importer-controller-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:53 +0100 (CET) Subject: SUSE-CU-2025:1856-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20250319144353.35FC2FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1856-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.46 , suse/sles/15.7/cdi-cloner:1.58.0.28.113 Container Release : 28.113 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libzstd1-1.5.7-150700.1.1 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - containerized-data-importer-cloner-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:56 +0100 (CET) Subject: SUSE-CU-2025:1859-1: Security update of suse/sles/15.7/cdi-operator Message-ID: <20250319144356.8B5BEFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1859-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.46 , suse/sles/15.7/cdi-operator:1.58.0.27.113 Container Release : 27.113 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - containerized-data-importer-operator-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:55 +0100 (CET) Subject: SUSE-CU-2025:1858-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20250319144355.80480FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1858-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.46 , suse/sles/15.7/cdi-importer:1.58.0.29.83 Container Release : 29.83 Severity : important Type : security References : 1236619 1236858 1236878 1236974 CVE-2024-12133 CVE-2024-12243 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libzstd1-1.5.7-150700.1.1 updated - libgcrypt20-1.11.0-150700.2.16 updated - libxml2-2-2.12.10-150700.1.1 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libnettle8-3.10.1-150700.2.9 updated - libhogweed6-3.10.1-150700.2.9 updated - libgnutls30-3.8.3-150600.4.6.2 updated - qemu-img-9.2.2-150700.1.1 updated - containerized-data-importer-importer-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 14:43:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 15:43:57 +0100 (CET) Subject: SUSE-CU-2025:1860-1: Security update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20250319144357.BD60DFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1860-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.46 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.113 Container Release : 27.113 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:13:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:13:34 +0100 (CET) Subject: SUSE-CU-2025:1863-1: Recommended update of suse/389-ds Message-ID: <20250319161334.22AEDFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1863-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.12 , suse/389-ds:latest Container Release : 36.12 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:14:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:14:16 +0100 (CET) Subject: SUSE-CU-2025:1864-1: Recommended update of bci/python Message-ID: <20250319161416.A071EFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1864-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.4 , bci/python:latest Container Release : 63.4 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:14:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:14:37 +0100 (CET) Subject: SUSE-CU-2025:1865-1: Recommended update of suse/rmt-server Message-ID: <20250319161437.B6336FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1865-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.10 , suse/rmt-server:latest Container Release : 37.10 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:06 +0100 (CET) Subject: SUSE-CU-2025:1866-1: Recommended update of containers/python Message-ID: <20250319161606.24270FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1866-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-45.3 Container Release : 45.3 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:20 +0100 (CET) Subject: SUSE-CU-2025:1867-1: Recommended update of containers/python Message-ID: <20250319161620.ED7F3FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1867-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-52.3 Container Release : 52.3 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:22 +0100 (CET) Subject: SUSE-CU-2025:1860-1: Security update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20250319161622.EEADBFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1860-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.46 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.113 Container Release : 27.113 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:24 +0100 (CET) Subject: SUSE-CU-2025:1868-1: Security update of suse/sles/15.7/cdi-uploadserver Message-ID: <20250319161624.60626FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1868-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.46 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.126 Container Release : 28.126 Severity : important Type : security References : 1236619 1236858 1236878 1236974 CVE-2024-12133 CVE-2024-12243 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libzstd1-1.5.7-150700.1.1 updated - libgcrypt20-1.11.0-150700.2.16 updated - libxml2-2-2.12.10-150700.1.1 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libnettle8-3.10.1-150700.2.9 updated - libhogweed6-3.10.1-150700.2.9 updated - libgnutls30-3.8.3-150600.4.6.2 updated - qemu-img-9.2.2-150700.1.1 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.46 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:33 +0100 (CET) Subject: SUSE-CU-2025:1870-1: Security update of suse/sles/15.7/virt-api Message-ID: <20250319161633.39887FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1870-1 Container Tags : suse/sles/15.7/virt-api:1.4.0 , suse/sles/15.7/virt-api:1.4.0-150700.1.6 , suse/sles/15.7/virt-api:1.4.0.27.112 Container Release : 27.112 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - kubevirt-virt-api-1.4.0-150700.1.6 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:34 +0100 (CET) Subject: SUSE-CU-2025:1871-1: Security update of suse/sles/15.7/virt-controller Message-ID: <20250319161634.A69A1FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1871-1 Container Tags : suse/sles/15.7/virt-controller:1.4.0 , suse/sles/15.7/virt-controller:1.4.0-150700.1.6 , suse/sles/15.7/virt-controller:1.4.0.27.112 Container Release : 27.112 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - kubevirt-virt-controller-1.4.0-150700.1.6 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:36 +0100 (CET) Subject: SUSE-CU-2025:1872-1: Security update of suse/sles/15.7/virt-exportproxy Message-ID: <20250319161636.17CEEFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1872-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.4.0 , suse/sles/15.7/virt-exportproxy:1.4.0-150700.1.6 , suse/sles/15.7/virt-exportproxy:1.4.0.11.112 Container Release : 11.112 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - kubevirt-virt-exportproxy-1.4.0-150700.1.6 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:38 +0100 (CET) Subject: SUSE-CU-2025:1874-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20250319161638.925C6FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1874-1 Container Tags : suse/sles/15.7/virt-handler:1.4.0 , suse/sles/15.7/virt-handler:1.4.0-150700.1.6 , suse/sles/15.7/virt-handler:1.4.0.29.129 Container Release : 29.129 Severity : important Type : security References : 1229228 1233752 1234313 1234765 1236619 1236858 1236878 1236974 1237374 CVE-2024-12133 CVE-2024-12243 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libzstd1-1.5.7-150700.1.1 updated - libudev1-254.23-150600.4.25.1 updated - libgcrypt20-1.11.0-150700.2.16 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - sles-release-15.7-150700.22.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - kubevirt-container-disk-1.4.0-150700.1.6 updated - kubevirt-virt-handler-1.4.0-150700.1.6 updated - libnettle8-3.10.1-150700.2.9 updated - pkg-config-0.29.2-150600.15.3.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libhogweed6-3.10.1-150700.2.9 updated - libgnutls30-3.8.3-150600.4.6.2 updated - qemu-img-9.2.2-150700.1.1 updated - systemd-254.23-150600.4.25.1 updated - util-linux-systemd-2.40.4-150700.1.4 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:37 +0100 (CET) Subject: SUSE-CU-2025:1873-1: Security update of suse/sles/15.7/virt-exportserver Message-ID: <20250319161637.51514FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1873-1 Container Tags : suse/sles/15.7/virt-exportserver:1.4.0 , suse/sles/15.7/virt-exportserver:1.4.0-150700.1.6 , suse/sles/15.7/virt-exportserver:1.4.0.12.112 Container Release : 12.112 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - kubevirt-virt-exportserver-1.4.0-150700.1.6 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:41 +0100 (CET) Subject: SUSE-CU-2025:1876-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20250319161641.72F24FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1876-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.4.0 , suse/sles/15.7/libguestfs-tools:1.4.0-150700.1.6 , suse/sles/15.7/libguestfs-tools:1.4.0.28.144 Container Release : 28.144 Severity : important Type : security References : 1228086 1228434 1229228 1231792 1233752 1234313 1234765 1235912 1236384 1236619 1236705 1236820 1236858 1236878 1236939 1236974 1236983 1237374 CVE-2024-12133 CVE-2024-12243 CVE-2025-0938 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:515-1 Released: Thu Feb 13 12:58:42 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228086,1231792,1235912 This update for dracut fixes the following issue: - Version update 059+suse.552.g232957b4 - fixes related to getting live image size (bsc#1235912). - fixes for booting from iSCSI offload with bnx2i (bsc#1228086). - rework timeout for devices added via --mount and --add-device (bsc#1231792). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:680-1 Released: Mon Feb 24 12:01:16 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libzstd1-1.5.7-150700.1.1 updated - libudev1-254.23-150600.4.25.1 updated - libgcrypt20-1.11.0-150700.2.16 updated - libxml2-2-2.12.10-150700.1.1 updated - libopenssl3-3.2.3-150700.3.10 updated - libzck1-1.5.1-150700.1.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - sles-release-15.7-150700.22.1 updated - libzypp-17.36.1-150600.3.47.2 updated - zypper-1.14.84-150600.10.25.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libguestfs-winsupport-1.55.6-150700.1.1 updated - guestfs-tools-1.53.7-150700.1.1 updated - libdevmapper1_03-2.03.24_1.02.198-150700.4.1 updated - libhivex0-1.3.24-150700.1.5 updated - libnettle8-3.10.1-150700.2.9 updated - libopenssl1_1-1.1.1w-150700.9.19 updated - libx86emu3-3.7-150700.1.1 updated - mdadm-4.4-150700.1.2 updated - osinfo-db-20250124-150700.2.1 updated - pkg-config-0.29.2-150600.15.3.1 updated - qemu-accel-tcg-x86-9.2.2-150700.1.1 updated - qemu-ipxe-9.2.2-150700.1.1 updated - qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated - qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated - zstd-1.5.7-150700.1.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libhogweed6-3.10.1-150700.2.9 updated - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - virtiofsd-1.12.0-150700.1.6 updated - bind-utils-9.20.3-150700.1.5 updated - libmpath0-0.10.2+122+suse.51e02cc-150700.1.1 updated - libgnutls30-3.8.3-150600.4.6.2 updated - xen-libs-4.20.0_08-150700.2.1 updated - qemu-vmsr-helper-9.2.2-150700.1.1 updated - qemu-pr-helper-9.2.2-150700.1.1 updated - qemu-img-9.2.2-150700.1.1 updated - systemd-254.23-150600.4.25.1 updated - qemu-tools-9.2.2-150700.1.1 updated - util-linux-systemd-2.40.4-150700.1.4 updated - udev-254.23-150600.4.25.1 updated - dracut-059+suse.552.g232957b4-150600.3.17.2 updated - dracut-fips-059+suse.552.g232957b4-150600.3.17.2 updated - qemu-x86-9.2.2-150700.1.1 updated - qemu-9.2.2-150700.1.1 updated - libguestfs0-1.55.6-150700.1.1 updated - libguestfs-devel-1.55.6-150700.1.1 updated - libguestfs-appliance-1.55.6-150700.1.1 updated - libguestfs-1.55.6-150700.1.1 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:40 +0100 (CET) Subject: SUSE-CU-2025:1875-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20250319161640.06322FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1875-1 Container Tags : suse/sles/15.7/virt-launcher:1.4.0 , suse/sles/15.7/virt-launcher:1.4.0-150700.1.6 , suse/sles/15.7/virt-launcher:1.4.0.34.108 Container Release : 34.108 Severity : important Type : security References : 1214290 1229228 1229685 1229822 1230078 1233752 1234313 1234765 1235695 1236151 1236619 1236842 1236858 1236878 1236974 1237137 1237374 CVE-2023-4016 CVE-2024-12133 CVE-2024-12243 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libzstd1-1.5.7-150700.1.1 updated - libudev1-254.23-150600.4.25.1 updated - libgcrypt20-1.11.0-150700.2.16 updated - libxml2-2-2.12.10-150700.1.1 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - sles-release-15.7-150700.22.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - kubevirt-container-disk-1.4.0-150700.1.6 updated - libdevmapper1_03-2.03.24_1.02.198-150700.4.1 updated - libnettle8-3.10.1-150700.2.9 updated - pkg-config-0.29.2-150600.15.3.1 updated - qemu-accel-tcg-x86-9.2.2-150700.1.1 updated - qemu-hw-usb-host-9.2.2-150700.1.1 updated - qemu-ipxe-9.2.2-150700.1.1 updated - qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated - qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated - vim-data-common-9.1.1101-150500.20.21.1 updated - zstd-1.5.7-150700.1.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libhogweed6-3.10.1-150700.2.9 updated - virtiofsd-1.12.0-150700.1.6 updated - qemu-hw-usb-redirect-9.2.2-150700.1.1 updated - vim-small-9.1.1101-150500.20.21.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - libgnutls30-3.8.3-150600.4.6.2 updated - xen-libs-4.20.0_08-150700.2.1 updated - procps-3.3.17-150000.7.42.1 updated - qemu-img-9.2.2-150700.1.1 updated - gnutls-3.8.3-150600.4.6.2 updated - systemd-254.23-150600.4.25.1 updated - udev-254.23-150600.4.25.1 updated - systemd-container-254.23-150600.4.25.1 updated - kubevirt-virt-launcher-1.4.0-150700.1.6 updated - qemu-x86-9.2.2-150700.1.1 updated - qemu-9.2.2-150700.1.1 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Wed Mar 19 16:16:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Mar 2025 17:16:42 +0100 (CET) Subject: SUSE-CU-2025:1877-1: Security update of suse/sles/15.7/virt-operator Message-ID: <20250319161642.D5E3FFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1877-1 Container Tags : suse/sles/15.7/virt-operator:1.4.0 , suse/sles/15.7/virt-operator:1.4.0-150700.1.6 , suse/sles/15.7/virt-operator:1.4.0.27.112 Container Release : 27.112 Severity : moderate Type : security References : 1236619 1236858 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl3-3.2.3-150700.3.10 updated - libopenssl-3-fips-provider-3.2.3-150700.3.10 updated - krb5-1.20.1-150600.11.8.1 updated - kubevirt-virt-operator-1.4.0-150700.1.6 updated - container:sles15-image-15.7.0-3.35 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:02:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:02:59 +0100 (CET) Subject: SUSE-CU-2025:1881-1: Recommended update of containers/milvus Message-ID: <20250320080259.5E3FCFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1881-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.64 Container Release : 7.64 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - boost-license1_86_0-1.86.0-150600.1.9 updated - libaws-c-common1-0.9.28-150600.1.12 updated - libfmt9-9.1.0-150600.1.11 updated - libgflags2_2-2.2.2-150600.1.11 updated - libopentracing-cpp1-1.6.0-150600.1.11 updated - libsimdjson22-v3.9.5-150600.1.11 updated - libtbb12-2021.13.0-150600.1.11 updated - liburing2-2.6-150600.1.11 updated - libzstd1-1.5.6-150600.1.9 updated - minio-client-20241008T093726Z-150600.1.13 updated - libboost_program_options1_86_0-1.86.0-150600.1.9 updated - libboost_filesystem1_86_0-1.86.0-150600.1.9 updated - libboost_context1_86_0-1.86.0-150600.1.9 updated - libaws-checksums1-0.1.20-150600.1.13 updated - libaws-c-sdkutils1_0_0-0.1.19-150600.1.12 updated - libaws-c-compression1_0_0-0.2.18-150600.1.11 updated - libglog-4-0-0.4.0-150600.1.11 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libprotobuf3_21_12-21.12-150600.1.12 updated - libprotobuf25_5_0-25.5-150600.2.42 updated - librocksdb6-6.29.5-150600.2.10 updated - libthrift-0_17_0-0.17.0-150600.1.14 updated - libs2n0unstable-1.5.1-150600.1.12 updated - libaws-c-cal0unstable-0.7.4-150600.1.11 updated - libfolly0-2023.10.30.00-150600.1.12 updated - libaws-c-io0unstable-0.14.18-150600.1.11 updated - libarrow1700-17.0.0-150600.2.20 updated - libaws-c-http1_0_0-0.8.10-150600.1.12 updated - libaws-c-event-stream1-0.4.2-150600.1.11 updated - libparquet1700-17.0.0-150600.2.20 updated - libaws-c-mqtt1_0_0-0.10.6-150600.1.12 updated - libaws-c-auth1_0_0-0.7.31-150600.1.11 updated - librdkafka1-2.3.0-150600.1.9 updated - libprometheus-cpp0_13-0.13.0-150600.1.11 updated - libaws-c-s3-0unstable-0.6.6-150600.1.12 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.12 updated - libaws-crt-cpp1-0.28.3-150600.1.13 updated - aws-sdk-cpp-libs-1.11.412-150600.1.12 updated - milvus-cppcpu-2.4.6-150600.1.23 updated - milvus-2.4.6-150600.1.27 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:04:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:04:13 +0100 (CET) Subject: SUSE-CU-2025:1882-1: Recommended update of containers/open-webui Message-ID: <20250320080413.E73D3FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1882-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.5 Container Release : 9.5 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - python311-rank-bm25-0.2.2-150600.1.12 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libgeos3_12_2-3.12.2-150600.1.11 updated - libgflags2_2-2.2.2-150600.1.11 updated - libtbb12-2021.13.0-150600.1.11 updated - libthrift-0_17_0-0.17.0-150600.1.14 updated - opencv4-cascades-data-4.11.0-150600.1.5 updated - libprotobuf25_5_0-25.5-150600.2.42 updated - libgeos_c1-3.12.2-150600.1.11 updated - libglog-4-0-0.4.0-150600.1.11 updated - python311-xlrd-2.0.1-150600.1.12 updated - python311-wrapt-1.16.0-150600.1.12 updated - python311-websockets-13.1-150600.1.3 updated - python311-validators-0.34.0-150600.1.12 updated - python311-uritemplate-4.1.1-150600.1.10 updated - python311-tzdata-2024.1-150600.1.11 updated - python311-typing_extensions-4.12.2-150600.1.11 updated - python311-tqdm-4.66.4-150600.1.12 updated - python311-threadpoolctl-3.5.0-150600.1.11 updated - python311-tenacity-9.0.0-150600.1.10 updated - python311-sniffio-1.3.1-150600.1.12 updated - python311-six-1.16.0-150600.1.12 updated - python311-setuptools-72.1.0-150600.1.10 updated - python311-safetensors-0.4.3-150600.1.16 updated - python311-regex-2024.5.15-150600.1.13 updated - python311-red-black-tree-mod-1.22-150600.1.12 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.17 updated - python311-pyxlsb-1.0.10-150600.1.12 updated - python311-pytube-15.0.0-150600.1.12 updated - python311-python-multipart-0.0.20-150600.1.3 updated - python311-python-iso639-2024.4.27-150600.1.11 updated - python311-pypdf-4.3.1-150600.1.12 updated - python311-pymongo-4.6.3-150600.1.13 updated - python311-pyclipper-1.3.0.post5-150600.1.12 updated - python311-psycopg2-2.9.9-150600.1.18 updated - python311-protobuf-4.25.5-150600.2.42 updated - python311-propcache-0.2.0-150600.1.3 updated - python311-primp-0.6.3-150600.1.16 updated - python311-peewee-3.17.8-150600.1.3 updated - python311-packaging-24.1-150600.1.10 updated - python311-overrides-7.7.0-150600.1.12 updated - python311-orjson-3.10.7-150600.1.20 updated - python311-onnxruntime-1.19.2-150600.1.12 updated - python311-olefile-0.47-150600.1.12 updated - python311-nest-asyncio-1.6.0-150600.1.11 updated - python311-monotonic-1.6-150600.1.10 updated - python311-mmh3-4.1.0-150600.1.15 updated - python311-langsmith-0.1.52-150600.1.21 updated - python311-langfuse-2.44.0-150600.1.11 updated - python311-jsonpath-python-1.0.6-150600.1.12 updated - python311-jiter-0.5.0-150600.1.15 updated - python311-jdcal-1.4.1-150600.1.11 updated - python311-importlib-resources-6.1.1-150600.1.13 updated - python311-idna-3.8-150600.1.11 updated - python311-greenlet-3.1.0-150600.1.17 updated - python311-filetype-1.2.0-150600.1.10 updated - python311-emoji-2.13.2-150600.1.12 updated - python311-einops-0.8.0-150600.1.11 updated - python311-ebcdic-1.1.1-150600.1.13 updated - python311-easygui-0.98.3-150600.1.10 updated - python311-docx2txt-0.8-150600.1.12 updated - python311-django-cache-url-3.4.5-150600.1.18 updated - python311-dj-email-url-1.0.6-150600.1.10 updated - python311-distro-1.9.0-150600.1.12 updated - python311-dill-0.3.8-150600.1.16 updated - python311-defusedxml-0.7.1-150600.1.12 updated - python311-compressed_rtf-1.0.6-150600.1.11 updated - python311-colorclass-2.2.2-150600.1.11 updated - python311-click-8.1.7-150600.1.12 updated - python311-charset-normalizer-3.3.2-150600.1.12 updated - python311-certifi-2024.7.4-150600.1.25 updated - python311-cchardet-2.1.19-150600.1.22 updated - python311-bitarray-2.9.2-150600.1.12 updated - python311-bcrypt-4.2.0-150600.1.15 updated - python311-backoff-2.2.1-150600.1.14 updated - python311-async_timeout-4.0.3-150600.1.3 updated - python311-appdirs-1.4.4-150600.1.10 updated - python311-annotated-types-0.7.0-150600.1.11 updated - python311-aiohappyeyeballs-2.3.7-150600.1.11 updated - python311-aiofiles-24.1.0-150600.1.3 updated - python311-XlsxWriter-3.2.0-150600.1.11 updated - python311-Pygments-2.19.1-150600.1.2 updated - python311-PyYAML-6.0.1-150600.1.12 updated - python311-PyPika-0.48.9-150600.1.12 updated - python311-Events-0.5-150600.1.2 updated - python311-pypandoc-1.14-150600.1.14 updated - python311-importlib-metadata-7.1.0-150600.1.12 updated - python311-ftfy-6.3.1-150600.1.3 updated - python311-pydantic-core-2.27.2-150600.1.15 updated - python311-asgiref-3.8.1-150600.1.11 updated - python311-lark-1.1.9-150600.1.12 updated - python311-cffi-1.17.0-150600.1.12 updated - python311-proto-plus-1.24.0-150600.1.17 updated - python311-opentelemetry-proto-1.27.0-150600.1.16 updated - python311-Pillow-10.4.0-150600.1.14 updated - python311-typing-inspect-0.9.0-150600.1.12 updated - python311-jsonpatch-1.33-150600.1.11 updated - python311-fake-useragent-1.5.1-150600.1.11 updated - python311-yarl-1.18.3-150600.1.3 updated - python311-anyio-4.4.0-150600.1.15 updated - python311-h2-4.2.0-150600.1.3 updated - python311-SQLAlchemy-2.0.32-150600.1.16 updated - python311-multiprocess-0.70.16-150600.1.13 updated - python311-python-oxmsg-0.0.1-150600.1.10 updated - python311-peewee-migrate-1.13.0-150600.1.11 updated - python311-redis-5.0.8-150600.1.14 updated - python311-Werkzeug-3.0.4-150600.1.11 updated - python311-grpcio-1.69.0-150600.1.4 updated - libarrow1700-17.0.0-150600.2.20 updated - python311-mpmath-1.3.0-150600.1.12 updated - libctranslate2-4-4.4.0-150600.1.10 updated - python311-build-1.2.1-150600.1.11 updated - python311-Markdown-3.7-150600.1.12 updated - python311-opentelemetry-api-1.27.0-150600.1.10 updated - python311-pydantic-2.10.6-150600.1.18 updated - python311-marshmallow-3.20.2-150600.1.7 updated - python311-cryptography-43.0.1-150600.1.18 updated - python311-opentelemetry-exporter-otlp-proto-common-1.27.0-150600.1.16 updated - python311-rich-13.7.1-150600.1.12 updated - python311-starlette-0.41.3-150600.1.3 updated - python311-httpcore-1.0.5-150600.1.10 updated - python311-duckduckgo-search-7.4.4-150600.1.5 updated - python311-aiohttp-3.11.11-150600.1.6 updated - python311-python-pptx-1.0.2-150600.1.11 updated - python311-et_xmlfile-1.0.1-150600.1.12 updated - python311-beautifulsoup4-4.12.3-150600.1.11 updated - python311-aiocache-0.12.3-150600.1.4 updated - python311-APScheduler-3.10.4-150600.1.19 updated - python311-alembic-1.14.1-150600.1.4 updated - python311-Flask-3.0.3-150600.1.10 updated - python311-grpcio-tools-1.68.1-150600.1.6 updated - python311-googleapis-common-protos-1.63.2-150600.1.17 updated - libparquet1700-17.0.0-150600.2.20 updated - libarrow_acero1700-17.0.0-150600.2.20 updated - python311-psutil-6.0.0-150600.1.14 updated - python311-python-jose-3.3.0-150600.1.11 updated - python311-ctranslate2-4.4.0-150600.1.12 updated - python311-numpy1-1.26.4-150600.1.25 updated - python311-pymdown-extensions-10.14.3-150600.1.2 updated - python311-opentelemetry-semantic-conventions-0.48b0-150600.1.10 updated - python311-opentelemetry-instrumentation-0.48b0-150600.1.10 updated - python311-langchain-core-0.3.37-150600.1.7 updated - python311-dataclasses-json-0.6.7-150600.1.18 updated - python311-pyOpenSSL-24.2.1-150600.1.10 updated - python311-msoffcrypto-tool-4.10.2-150600.1.13 updated - python311-PyMySQL-1.1.1-150600.1.13 updated - python311-PyJWT-2.10.1-150600.1.5 updated - python311-argon2-cffi-23.1.0-150600.1.9 updated - python311-typer-slim-0.12.5-150600.1.18 updated - python311-fastapi-0.115.8-150600.1.15 updated - python311-httpx-0.28.1-150600.1.3 updated - python311-black-24.8.0-150600.1.16 updated - python311-openpyxl-3.1.5-150600.1.11 updated - python311-Flask-Cors-5.0.0-150600.1.10 updated - python311-grpcio-status-1.62.2-150600.1.12 updated - libarrow_flight1700-17.0.0-150600.2.20 updated - libarrow_dataset1700-17.0.0-150600.2.20 updated - python311-torch-2.5.0-150600.1.14 updated - python311-sympy-1.12.1-150600.1.11 updated - python311-scipy-1.14.1-150600.1.25 updated - python311-pgvector-0.3.6-150600.1.7 updated - python311-pandas-2.2.3-150600.1.26 updated - python311-joblib-1.4.2-150600.1.13 updated - python311-chroma-hnswlib-0.7.6-150600.2.11 updated - python311-SoundFile-0.13.1-150600.1.3 updated - python311-Shapely-2.0.6-150600.1.13 updated - python311-opentelemetry-sdk-1.27.0-150600.1.10 updated - python311-langchain-text_splitters-0.3.19-150600.1.6 updated - python311-oletools-0.60.2-150600.1.12 updated - python311-Django-5.1.1-150600.1.17 updated - python311-typer-0.12.5-150600.1.18 updated - python311-pyarrow-17.0.0-150600.2.32 updated - python311-FontTools-4.53.1-150600.1.12 updated - python311-scikit-learn-1.5.1-150600.1.27 updated - python311-opentelemetry-util-http-0.48b0-150600.1.9 updated - python311-opentelemetry-exporter-otlp-proto-grpc-1.27.0-150600.1.21 updated - python311-requests-2.32.3-150600.1.11 updated - python311-qdrant-client-1.13.2-150600.1.8 updated - python311-RTFDE-0.1.1-150600.1.13 updated - python311-dj-database-url-2.3.0-150600.1.17 updated - python311-fpdf2-2.8.2-150600.1.7 updated - libopencv411-4.11.0-150600.1.5 updated - python311-opentelemetry-instrumentation-asgi-0.48b0-150600.1.9 updated - python311-youtube-transcript-api-0.6.3-150600.1.5 updated - python311-tiktoken-0.7.0-150600.1.16 updated - python311-python-engineio-4.8.0-150600.1.19 updated - python311-posthog-3.6.0-150600.1.14 updated - python311-nltk-3.9.1-150600.1.19 updated - python311-google-auth-2.34.0-150600.1.17 updated - python311-fsspec-2024.3.1-150600.1.12 updated - python311-docker-7.1.0-150600.1.12 updated - python311-botocore-1.36.11-150600.1.3 updated - python311-Authlib-1.4.1-150600.1.7 updated - python311-extract-msg-0.49.0-150600.1.15 updated - python311-environs-11.0.0-150600.1.19 updated - libopencv_objdetect411-4.11.0-150600.1.5 updated - libopencv_imgcodecs411-4.11.0-150600.1.5 updated - python311-opentelemetry-instrumentation-fastapi-0.48b0-150600.1.10 updated - python311-unstructured-client-0.25.9-150600.1.11 updated - python311-langchain-community-0.3.18-150600.1.7 updated - python311-langchain-0.3.19-150600.1.6 updated - python311-python-socketio-5.11.4-150600.1.18 updated - python311-kubernetes-28.1.0-150600.1.18 updated - python311-google-auth-oauthlib-1.2.1-150600.1.8 updated - python311-google-auth-httplib2-0.2.0-150600.1.17 updated - python311-google-api-core-2.19.2-150600.1.22 updated - python311-huggingface-hub-0.23.4-150600.1.13 updated - python311-s3transfer-0.11.1-150600.1.5 updated - python311-opensearch-py-2.8.0-150600.1.3 updated - python311-pymilvus-2.5.4-150600.1.3 updated - libopencv_face411-4.11.0-150600.1.5 updated - libopencv_aruco411-4.11.0-150600.1.5 updated - libopencv_ximgproc411-4.11.0-150600.1.5 updated - python311-google-api-python-client-2.143.0-150600.1.22 updated - python311-google-ai-generativelanguage-0.6.10-150600.1.22 updated - python311-tokenizers-0.20.0-150600.1.15 updated - python311-boto3-1.36.11-150600.1.5 updated - python311-av-11.0.0-150600.1.17 updated - libopencv_optflow411-4.11.0-150600.1.5 updated - libopencv_highgui411-4.11.0-150600.1.5 updated - python311-google-cloud-storage-2.19.0-150600.1.3 updated - python311-google-generativeai-0.8.2-150600.1.24 updated - python311-datasets-3.0.1-150600.1.24 updated - python311-transformers-4.44.2-150600.1.14 updated - python311-chromadb-0.6.3-150600.1.3 updated - python311-faster_whisper-1.1.1-150600.1.3 updated - python311-pydub-0.25.1-150600.1.20 updated - libopencv_gapi411-4.11.0-150600.1.5 updated - python311-sentence-transformers-3.4.1-150600.1.3 updated - python311-colbert-ai-0.2.21-150600.1.25 updated - python311-unstructured-0.16.23-150600.1.3 updated - libopencv_videoio411-4.11.0-150600.1.5 updated - python311-opencv-4.11.0-150600.1.5 updated - python311-open-webui-0.5.14-150600.1.5 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:12:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:12:10 +0100 (CET) Subject: SUSE-CU-2025:1893-1: Recommended update of bci/gcc Message-ID: <20250320081210.ED7DAFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1893-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.38 , bci/gcc:latest Container Release : 8.38 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:12:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:12:39 +0100 (CET) Subject: SUSE-CU-2025:1894-1: Recommended update of bci/golang Message-ID: <20250320081239.9092EFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1894-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.7 , bci/golang:1.23.7-2.34.20 , bci/golang:oldstable , bci/golang:oldstable-2.34.20 Container Release : 34.20 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:13:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:13:11 +0100 (CET) Subject: SUSE-CU-2025:1895-1: Recommended update of bci/golang Message-ID: <20250320081311.887D9FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1895-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.40 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.40 Container Release : 55.40 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:13:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:13:43 +0100 (CET) Subject: SUSE-CU-2025:1896-1: Recommended update of bci/golang Message-ID: <20250320081343.D4312FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1896-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.1 , bci/golang:1.24.1-1.34.20 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.20 Container Release : 34.20 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:14:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:14:27 +0100 (CET) Subject: SUSE-CU-2025:1897-1: Recommended update of bci/golang Message-ID: <20250320081427.0FCB9FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1897-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.39 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.39 Container Release : 55.39 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:15:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:15:02 +0100 (CET) Subject: SUSE-CU-2025:1898-1: Recommended update of bci/bci-init Message-ID: <20250320081502.94A5CFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1898-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.14 , bci/bci-init:latest Container Release : 31.14 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:15:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:15:47 +0100 (CET) Subject: SUSE-CU-2025:1899-1: Recommended update of bci/kiwi Message-ID: <20250320081547.04413FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1899-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.15 , bci/kiwi:latest Container Release : 22.15 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:16:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:16:15 +0100 (CET) Subject: SUSE-CU-2025:1900-1: Recommended update of suse/nginx Message-ID: <20250320081615.3D504FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1900-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.39 , suse/nginx:latest Container Release : 51.39 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:16:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:16:49 +0100 (CET) Subject: SUSE-CU-2025:1901-1: Recommended update of bci/nodejs Message-ID: <20250320081649.5E64FFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1901-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.43 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.43 , bci/nodejs:latest Container Release : 48.43 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:16:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:16:57 +0100 (CET) Subject: SUSE-CU-2025:1902-1: Recommended update of bci/nodejs Message-ID: <20250320081657.2A27FFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1902-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.31 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.31 Container Release : 31.31 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:17:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:17:02 +0100 (CET) Subject: SUSE-CU-2025:1903-1: Recommended update of bci/openjdk Message-ID: <20250320081702.1736CFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1903-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.6 Container Release : 4.6 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:17:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:17:43 +0100 (CET) Subject: SUSE-CU-2025:1904-1: Recommended update of bci/openjdk Message-ID: <20250320081743.DAFC8FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1904-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.15 , bci/openjdk:latest Container Release : 33.15 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:18:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:18:19 +0100 (CET) Subject: SUSE-CU-2025:1905-1: Recommended update of bci/php-apache Message-ID: <20250320081819.73B31FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1905-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.43 , bci/php-apache:latest Container Release : 48.43 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:19:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:19:34 +0100 (CET) Subject: SUSE-CU-2025:1907-1: Recommended update of bci/python Message-ID: <20250320081934.871A7FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1907-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.3 Container Release : 62.3 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:20:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:20:11 +0100 (CET) Subject: SUSE-CU-2025:1908-1: Recommended update of bci/python Message-ID: <20250320082011.4C65FFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1908-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.41 Container Release : 60.41 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:20:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:20:50 +0100 (CET) Subject: SUSE-CU-2025:1909-1: Recommended update of bci/ruby Message-ID: <20250320082050.07B3AFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1909-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.44 , bci/ruby:latest Container Release : 31.44 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:24:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:24:49 +0100 (CET) Subject: SUSE-CU-2025:1913-1: Recommended update of bci/spack Message-ID: <20250320082449.907DEFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1913-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.9 , bci/spack:latest Container Release : 5.9 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:02:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:02:55 +0100 (CET) Subject: SUSE-CU-2025:1914-1: Recommended update of containers/milvus Message-ID: <20250321080255.4AA90FCE3@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1914-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.66 Container Release : 7.66 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libaws-c-common1-0.9.28-150600.1.13 updated - libfmt9-9.1.0-150600.1.12 updated - libgflags2_2-2.2.2-150600.1.12 updated - libopentracing-cpp1-1.6.0-150600.1.12 updated - libsimdjson22-v3.9.5-150600.1.12 updated - libtbb12-2021.13.0-150600.1.12 updated - libaws-checksums1-0.1.20-150600.1.14 updated - libaws-c-sdkutils1_0_0-0.1.19-150600.1.13 updated - libaws-c-compression1_0_0-0.2.18-150600.1.12 updated - libglog-4-0-0.4.0-150600.1.12 updated - libprotobuf3_21_12-21.12-150600.1.13 updated - libprotobuf25_5_0-25.5-150600.2.43 updated - librocksdb6-6.29.5-150600.2.11 updated - libthrift-0_17_0-0.17.0-150600.1.15 updated - libs2n0unstable-1.5.1-150600.1.13 updated - libaws-c-cal0unstable-0.7.4-150600.1.12 updated - libfolly0-2023.10.30.00-150600.1.13 updated - libaws-c-io0unstable-0.14.18-150600.1.12 updated - libarrow1700-17.0.0-150600.2.21 updated - libaws-c-http1_0_0-0.8.10-150600.1.13 updated - libaws-c-event-stream1-0.4.2-150600.1.12 updated - libparquet1700-17.0.0-150600.2.21 updated - libaws-c-mqtt1_0_0-0.10.6-150600.1.13 updated - libaws-c-auth1_0_0-0.7.31-150600.1.12 updated - librdkafka1-2.3.0-150600.1.10 updated - libprometheus-cpp0_13-0.13.0-150600.1.12 updated - libaws-c-s3-0unstable-0.6.6-150600.1.13 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.13 updated - libaws-crt-cpp1-0.28.3-150600.1.14 updated - aws-sdk-cpp-libs-1.11.412-150600.1.13 updated - milvus-cppcpu-2.4.6-150600.1.24 updated - milvus-2.4.6-150600.1.28 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:04:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:04:03 +0100 (CET) Subject: SUSE-CU-2025:1915-1: Recommended update of containers/ollama Message-ID: <20250321080403.BFE58FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1915-1 Container Tags : containers/ollama:0 , containers/ollama:0.5.7 , containers/ollama:0.5.7-7.6 Container Release : 7.6 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - ollama-nvidia-0.5.7-150600.1.9 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:05:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:05:04 +0100 (CET) Subject: SUSE-CU-2025:1916-1: Security update of containers/open-webui Message-ID: <20250321080504.EC22DFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1916-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.6 Container Release : 9.6 Severity : important Type : security References : 1186586 1209934 1215309 1238879 CVE-2020-22021 CVE-2020-22046 CVE-2022-48434 CVE-2025-27516 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:956-1 Released: Wed Mar 19 17:12:25 2025 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1238879,CVE-2025-27516 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:958-1 Released: Wed Mar 19 17:55:55 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1186586,1209934,1215309,CVE-2020-22021,CVE-2020-22046,CVE-2022-48434 This update for ffmpeg-4 fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934) - CVE-2020-22021: Fixed Buffer Overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586) The following package changes have been done: - opencv4-cascades-data-4.11.0-150600.1.6 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.18 updated - python311-peewee-3.17.8-150600.1.4 updated - python311-langsmith-0.1.52-150600.1.22 updated - python311-django-cache-url-3.4.5-150600.1.19 updated - python311-Jinja2-3.1.2-150400.12.14.1 updated - python311-marshmallow-3.20.2-150600.1.8 updated - python311-aiocache-0.12.3-150600.1.5 updated - python311-Flask-3.0.3-150600.1.11 updated - libavutil56_70-4.4.5-150600.13.19.1 updated - python311-langchain-core-0.3.37-150600.1.8 updated - python311-dataclasses-json-0.6.7-150600.1.19 updated - python311-typer-slim-0.12.5-150600.1.19 updated - python311-fastapi-0.115.8-150600.1.17 updated - python311-Flask-Cors-5.0.0-150600.1.11 updated - python311-torch-2.5.0-150600.1.15 updated - python311-scipy-1.14.1-150600.1.26 updated - python311-pgvector-0.3.6-150600.1.8 updated - libswscale5_9-4.4.5-150600.13.19.1 updated - libswresample3_9-4.4.5-150600.13.19.1 updated - libpostproc55_9-4.4.5-150600.13.19.1 updated - libavresample4_0-4.4.5-150600.13.19.1 updated - python311-langchain-text_splitters-0.3.19-150600.1.7 updated - python311-Django-5.1.1-150600.1.18 updated - python311-typer-0.12.5-150600.1.19 updated - python311-scikit-learn-1.5.1-150600.1.28 updated - libavcodec58_134-4.4.5-150600.13.19.1 updated - python311-dj-database-url-2.3.0-150600.1.18 updated - python311-fpdf2-2.8.2-150600.1.9 updated - libavformat58_76-4.4.5-150600.13.19.1 updated - libopencv411-4.11.0-150600.1.6 updated - python311-nltk-3.9.1-150600.1.20 updated - python311-google-auth-2.34.0-150600.1.18 updated - python311-Authlib-1.4.1-150600.1.8 updated - python311-environs-11.0.0-150600.1.20 updated - libavfilter7_110-4.4.5-150600.13.19.1 updated - libopencv_objdetect411-4.11.0-150600.1.6 updated - libopencv_imgcodecs411-4.11.0-150600.1.6 updated - python311-langchain-community-0.3.18-150600.1.8 updated - python311-langchain-0.3.19-150600.1.7 updated - python311-kubernetes-28.1.0-150600.1.19 updated - python311-google-auth-oauthlib-1.2.1-150600.1.9 updated - python311-google-auth-httplib2-0.2.0-150600.1.18 updated - python311-google-api-core-2.19.2-150600.1.23 updated - libavdevice58_13-4.4.5-150600.13.19.1 updated - libopencv_face411-4.11.0-150600.1.6 updated - libopencv_aruco411-4.11.0-150600.1.6 updated - libopencv_ximgproc411-4.11.0-150600.1.6 updated - python311-google-api-python-client-2.143.0-150600.1.23 updated - python311-google-ai-generativelanguage-0.6.10-150600.1.23 updated - python311-av-11.0.0-150600.1.18 updated - ffmpeg-4-4.4.5-150600.13.19.1 updated - libopencv_optflow411-4.11.0-150600.1.6 updated - libopencv_highgui411-4.11.0-150600.1.6 updated - python311-google-generativeai-0.8.2-150600.1.25 updated - python311-datasets-3.0.1-150600.1.25 updated - python311-pydub-0.25.1-150600.1.22 updated - libopencv_gapi411-4.11.0-150600.1.6 updated - python311-colbert-ai-0.2.21-150600.1.27 updated - libopencv_videoio411-4.11.0-150600.1.6 updated - python311-opencv-4.11.0-150600.1.6 updated - python311-open-webui-0.5.14-150600.1.7 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:08:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:08:48 +0100 (CET) Subject: SUSE-CU-2025:1917-1: Recommended update of bci/bci-base-fips Message-ID: <20250321080848.7F6DFFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1917-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.13 , bci/bci-base-fips:latest Container Release : 20.13 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - crypto-policies-scripts-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:09:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:09:11 +0100 (CET) Subject: SUSE-CU-2025:1918-1: Recommended update of suse/registry Message-ID: <20250321080911.ACBFEFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1918-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-34.3 , suse/registry:latest Container Release : 34.3 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:09:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:09:35 +0100 (CET) Subject: SUSE-CU-2025:1919-1: Recommended update of suse/git Message-ID: <20250321080935.9E76BFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1919-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-37.7 , suse/git:latest Container Release : 37.7 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:09:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:09:51 +0100 (CET) Subject: SUSE-CU-2025:1920-1: Recommended update of suse/helm Message-ID: <20250321080951.E091EFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1920-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.1 , suse/helm:3.17.1-37.7 , suse/helm:latest Container Release : 37.7 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:10:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:10:20 +0100 (CET) Subject: SUSE-CU-2025:1921-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250321081020.D41E4FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1921-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.14 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.14 Severity : important Type : recommended References : 1226533 1227637 1228926 1229898 1232063 1232227 1236165 1236321 1236390 1236392 1239165 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:966-1 Released: Thu Mar 20 08:53:38 2025 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1228926,1229898,1232063,1232227,1236321,1236390,1236392 This update for multipath-tools fixes the following issues: - Version update 0.9.8+111+suse.b7ee850 Backported bug fixes from upstream 0.9.9 - 0.10.2 * Fixed bug leading to the error message 'configured reservation key doesn't match: 0x0' (bsc#1228926). * Fixed bug that caused queueing to be always disabled if flushing a map failed (bsc#1229898). * Fixed output of `multipath -t` and `multipath -T` (bsc#1229898). * Fixed bug: don't print error message if WATCHDOG_USEC is 0 (bsc#1232227). * Fix map failure count for no_path_retry greater than 0 (bsc#1229898). * Fix reboot hang if uevent is processed for suspended device (bsc#1232063). * Don't set dev_loss_tmo to 0 for NO_PATH_RETRY_FAIL (bsc#1229898). * Fixed a memory leak in the nvme foreign library (bsc#1229898). * Fixed a problem in path detection algorithm that could cause I/O error failures (bsc#1236390). * Fix multipathd crash because of invalid path group index value, for example if an invalid path device was removed from a map (bsc#1236392). * Fix the problem that `group_by_tpg` might be disabled if one or more paths were offline during initial configuration (bsc#1236392). * Make sure udev and systemd notice changes in multipath path state when devices are added to or removed from multipath maps (bsc#1236321). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:967-1 Released: Thu Mar 20 09:31:40 2025 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1226533,1239165 This update for nfs-utils fixes the following issues: - Sources fix: nfsopen() failures should not be fatal (bsc#1239165). - Enable ldap support for nfsidmap (bsc#1226533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - kpartx-0.9.8+111+suse.b7ee850-150600.3.3.3 updated - libmpath0-0.9.8+111+suse.b7ee850-150600.3.3.3 updated - libnfsidmap1-1.0-150600.28.9.2 updated - multipath-tools-0.9.8+111+suse.b7ee850-150600.3.3.3 updated - nfs-client-2.6.4-150600.28.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:11:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:11:52 +0100 (CET) Subject: SUSE-CU-2025:1924-1: Recommended update of suse/pcp Message-ID: <20250321081152.F2181FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1924-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.48 , suse/pcp:latest Container Release : 42.48 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:bci-bci-init-15.6-7b1cb56e437dec115d83e1a16ed474464b19f8ffa0843f9ad7ffa0778503dc07-0 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:12:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:12:23 +0100 (CET) Subject: SUSE-CU-2025:1925-1: Recommended update of bci/php-fpm Message-ID: <20250321081223.931B5FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1925-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.44 , bci/php-fpm:latest Container Release : 48.44 Severity : moderate Type : recommended References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:12:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:12:52 +0100 (CET) Subject: SUSE-CU-2025:1926-1: Recommended update of suse/postgres Message-ID: <20250321081252.DBEDAFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1926-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.7 Container Release : 61.7 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:13:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:13:05 +0100 (CET) Subject: SUSE-CU-2025:1927-1: Recommended update of suse/postgres Message-ID: <20250321081305.14688FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1927-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.7 , suse/postgres:latest Container Release : 42.7 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:13:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:13:27 +0100 (CET) Subject: SUSE-CU-2025:1928-1: Recommended update of suse/mariadb-client Message-ID: <20250321081327.28359FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1928-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.22 , suse/mariadb-client:latest Container Release : 56.22 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:14:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:14:00 +0100 (CET) Subject: SUSE-CU-2025:1929-1: Recommended update of suse/mariadb Message-ID: <20250321081400.2ADA7FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1929-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.27 , suse/mariadb:latest Container Release : 62.27 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:14:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:14:15 +0100 (CET) Subject: SUSE-CU-2025:1930-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081415.E2CC7FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1930-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.43 Container Release : 62.43 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:14:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:14:34 +0100 (CET) Subject: SUSE-CU-2025:1931-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081434.4F1E5FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1931-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.43 Container Release : 62.43 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:14:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:14:53 +0100 (CET) Subject: SUSE-CU-2025:1932-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081453.7854CFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1932-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.43 Container Release : 62.43 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:15:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:15:07 +0100 (CET) Subject: SUSE-CU-2025:1933-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081507.39AEDFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1933-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.44 Container Release : 62.44 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:15:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:15:23 +0100 (CET) Subject: SUSE-CU-2025:1934-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081523.A8073FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1934-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.44 Container Release : 62.44 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:15:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:15:41 +0100 (CET) Subject: SUSE-CU-2025:1935-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081541.C63C3FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1935-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.44 Container Release : 62.44 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 08:15:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 09:15:59 +0100 (CET) Subject: SUSE-CU-2025:1936-1: Recommended update of containers/apache-tomcat Message-ID: <20250321081559.E17CAFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1936-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.44 Container Release : 62.44 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 12:49:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 13:49:14 +0100 (CET) Subject: SUSE-CU-2025:1937-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250321124914.179AFFCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1937-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.15 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.15 Severity : moderate Type : security References : 1239461 CVE-2025-24912 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:977-1 Released: Fri Mar 21 09:25:49 2025 Summary: Security update for wpa_supplicant Type: security Severity: moderate References: 1239461,CVE-2025-24912 This update for wpa_supplicant fixes the following issues: - CVE-2025-24912: Fixed hostapd failing to process crafted RADIUS packets properly (bsc#1239461) The following package changes have been done: - wpa_supplicant-2.10-150600.7.6.1 updated From sle-container-updates at lists.suse.com Fri Mar 21 12:50:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 13:50:23 +0100 (CET) Subject: SUSE-CU-2025:1936-1: Recommended update of containers/apache-tomcat Message-ID: <20250321125023.B692EFCE3@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1936-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.44 Container Release : 62.44 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 12:50:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 13:50:29 +0100 (CET) Subject: SUSE-CU-2025:1938-1: Recommended update of suse/stunnel Message-ID: <20250321125029.4F452FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1938-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-38.7 , suse/stunnel:latest Container Release : 38.7 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 21 12:50:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 13:50:36 +0100 (CET) Subject: SUSE-CU-2025:1939-1: Recommended update of bci/bci-base-fips Message-ID: <20250321125036.D6ADAFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1939-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.60 Container Release : 3.60 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - sles-release-15.7-150700.22.2 updated - crypto-policies-scripts-20230920.570ea89-150600.3.9.2 updated - container:sles15-image-15.7.0-4.2.38 updated From sle-container-updates at lists.suse.com Fri Mar 21 12:52:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 13:52:25 +0100 (CET) Subject: SUSE-CU-2025:1943-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250321125225.58E6FFCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1943-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.95 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.95 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:976-1 Released: Fri Mar 21 09:25:00 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.7-150000.3.76.1 updated From sle-container-updates at lists.suse.com Fri Mar 21 12:56:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Mar 2025 13:56:25 +0100 (CET) Subject: SUSE-CU-2025:1945-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250321125625.C133EFCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1945-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.97 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.97 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:976-1 Released: Fri Mar 21 09:25:00 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.7-150000.3.76.1 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:07:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:07:38 +0100 (CET) Subject: SUSE-CU-2025:1950-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250322080738.13187FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1950-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.57 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.57 , suse/ltss/sle15.3/sle15:latest Container Release : 2.57 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:976-1 Released: Fri Mar 21 09:25:00 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.9.7-150000.3.76.1 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:10:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:10:41 +0100 (CET) Subject: SUSE-CU-2025:1951-1: Security update of bci/python Message-ID: <20250322081041.8F6DEFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1951-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.5 Container Release : 62.5 Severity : low Type : security References : 1238450 1239210 CVE-2025-1795 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:982-1 Released: Fri Mar 21 15:17:03 2025 Summary: Security update for python311 Type: security Severity: low References: 1238450,1239210,CVE-2025-1795 This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). The following package changes have been done: - libpython3_11-1_0-3.11.11-150600.3.21.1 updated - python311-base-3.11.11-150600.3.21.1 updated - python311-3.11.11-150600.3.21.1 updated - python311-devel-3.11.11-150600.3.21.1 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:12:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:12:11 +0100 (CET) Subject: SUSE-CU-2025:1954-1: Recommended update of bci/bci-init Message-ID: <20250322081211.07C70FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1954-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.59 Container Release : 3.59 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - sles-release-15.7-150700.23.1 updated - container:sles15-image-15.7.0-4.2.39 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:12:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:12:21 +0100 (CET) Subject: SUSE-CU-2025:1956-1: Recommended update of bci/python Message-ID: <20250322081221.9ADA8FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1956-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-5.4 Container Release : 5.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:sles15-image-15.7.0-4.2.39 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:12:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:12:28 +0100 (CET) Subject: SUSE-CU-2025:1957-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250322081228.704C4FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1957-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.53 Container Release : 4.53 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - sles-release-15.7-150700.23.1 updated - kernel-macros-6.4.0-150700.47.1 updated - kernel-devel-6.4.0-150700.47.1 updated - suse-module-tools-15.7.5-150700.1.1 updated - kernel-default-devel-6.4.0-150700.47.3 updated - kernel-syms-6.4.0-150700.47.1 updated - container:sles15-image-15.7.0-4.2.39 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:12:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:12:36 +0100 (CET) Subject: SUSE-CU-2025:1958-1: Recommended update of suse/sle15 Message-ID: <20250322081236.3DC88FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1958-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.39 , suse/sle15:15.7 , suse/sle15:15.7-4.2.39 Container Release : 4.2.39 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libzypp-17.36.3-150600.3.50.1 updated - sle-module-basesystem-release-15.7-150700.23.1 updated - sle-module-python3-release-15.7-150700.23.1 updated - sle-module-server-applications-release-15.7-150700.23.1 updated - sles-release-15.7-150700.23.1 updated - timezone-2025a-150600.91.3.1 updated - zypper-1.14.85-150600.10.28.1 updated From sle-container-updates at lists.suse.com Sun Mar 23 08:07:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 23 Mar 2025 09:07:54 +0100 (CET) Subject: SUSE-CU-2025:1959-1: Security update of bci/spack Message-ID: <20250323080754.07C4EFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1959-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.11 , bci/spack:latest Container Release : 5.11 Severity : moderate Type : security References : 1237606 1238610 CVE-2025-1632 CVE-2025-25724 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:985-1 Released: Fri Mar 21 18:45:14 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1237606,1238610,CVE-2025-1632,CVE-2025-25724 This update for libarchive fixes the following issues: - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606) - CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610) The following package changes have been done: - libarchive13-3.7.2-150600.3.12.1 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:26:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:26:11 +0100 (CET) Subject: SUSE-CU-2025:1963-1: Security update of containers/open-webui Message-ID: <20250324122611.417B0FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1963-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.9 Container Release : 9.9 Severity : important Type : security References : 1238450 1239210 1239222 1239299 1239312 1239319 1239320 CVE-2025-1795 CVE-2025-2173 CVE-2025-2174 CVE-2025-2175 CVE-2025-2176 CVE-2025-2177 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:979-1 Released: Fri Mar 21 13:53:59 2025 Summary: Security update for zvbi Type: security Severity: important References: 1239222,1239299,1239312,1239319,1239320,CVE-2025-2173,CVE-2025-2174,CVE-2025-2175,CVE-2025-2176,CVE-2025-2177 This update for zvbi fixes the following issues: - CVE-2025-2173: Fixed check on src_length to avoid an unitinialized heap read (bsc#1239222). - CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299). - CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312). - CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319). - CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:982-1 Released: Fri Mar 21 15:17:03 2025 Summary: Security update for python311 Type: security Severity: low References: 1238450,1239210,CVE-2025-1795 This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). The following package changes have been done: - libprotobuf25_5_0-25.5-150600.2.44 updated - libpython3_11-1_0-3.11.11-150600.3.21.1 updated - python311-base-3.11.11-150600.3.21.1 updated - python311-3.11.11-150600.3.21.1 updated - libzvbi0-0.2.35-150000.4.3.1 updated - python311-protobuf-4.25.5-150600.2.44 updated - python311-certifi-2024.7.4-150600.1.27 updated - python311-cchardet-2.1.19-150600.1.24 updated - python311-numpy1-1.26.4-150600.1.27 updated - python311-scipy-1.14.1-150600.1.28 updated - python311-pandas-2.2.3-150600.1.28 updated - python311-scikit-learn-1.5.1-150600.1.30 updated - python311-open-webui-0.5.14-150600.1.9 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:31:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:31:01 +0100 (CET) Subject: SUSE-CU-2025:1964-1: Recommended update of bci/kiwi Message-ID: <20250324123101.BA29EFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1964-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.17 , bci/kiwi:latest Container Release : 22.17 Severity : important Type : recommended References : 1228926 1229898 1232063 1232227 1236321 1236390 1236392 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:966-1 Released: Thu Mar 20 08:53:38 2025 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1228926,1229898,1232063,1232227,1236321,1236390,1236392 This update for multipath-tools fixes the following issues: - Version update 0.9.8+111+suse.b7ee850 Backported bug fixes from upstream 0.9.9 - 0.10.2 * Fixed bug leading to the error message 'configured reservation key doesn't match: 0x0' (bsc#1228926). * Fixed bug that caused queueing to be always disabled if flushing a map failed (bsc#1229898). * Fixed output of `multipath -t` and `multipath -T` (bsc#1229898). * Fixed bug: don't print error message if WATCHDOG_USEC is 0 (bsc#1232227). * Fix map failure count for no_path_retry greater than 0 (bsc#1229898). * Fix reboot hang if uevent is processed for suspended device (bsc#1232063). * Don't set dev_loss_tmo to 0 for NO_PATH_RETRY_FAIL (bsc#1229898). * Fixed a memory leak in the nvme foreign library (bsc#1229898). * Fixed a problem in path detection algorithm that could cause I/O error failures (bsc#1236390). * Fix multipathd crash because of invalid path group index value, for example if an invalid path device was removed from a map (bsc#1236392). * Fix the problem that `group_by_tpg` might be disabled if one or more paths were offline during initial configuration (bsc#1236392). * Make sure udev and systemd notice changes in multipath path state when devices are added to or removed from multipath maps (bsc#1236321). The following package changes have been done: - libmpath0-0.9.8+111+suse.b7ee850-150600.3.3.3 updated - kpartx-0.9.8+111+suse.b7ee850-150600.3.3.3 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:32:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:32:39 +0100 (CET) Subject: SUSE-CU-2025:1965-1: Security update of containers/python Message-ID: <20250324123239.CBBD5FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1965-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-45.5 Container Release : 45.5 Severity : low Type : security References : 1238450 1239210 CVE-2025-1795 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:982-1 Released: Fri Mar 21 15:17:03 2025 Summary: Security update for python311 Type: security Severity: low References: 1238450,1239210,CVE-2025-1795 This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). The following package changes have been done: - libpython3_11-1_0-3.11.11-150600.3.21.1 updated - python311-base-3.11.11-150600.3.21.1 updated - python311-3.11.11-150600.3.21.1 updated - python311-devel-3.11.11-150600.3.21.1 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:33:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:33:13 +0100 (CET) Subject: SUSE-CU-2025:1966-1: Recommended update of suse/sle15 Message-ID: <20250324123313.0157AFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1966-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.19 , suse/sle15:15.6 , suse/sle15:15.6.47.20.19 Container Release : 47.20.19 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:33:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:33:32 +0100 (CET) Subject: SUSE-CU-2025:1974-1: Recommended update of bci/ruby Message-ID: <20250324123332.3A7B6FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1974-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.9 Container Release : 4.9 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:sles15-image-15.7.0-4.2.39 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:33:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:33:52 +0100 (CET) Subject: SUSE-CU-2025:1982-1: Recommended update of suse/sles/15.7/virt-launcher Message-ID: <20250324123352.1FAA0FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1982-1 Container Tags : suse/sles/15.7/virt-launcher:1.4.0 , suse/sles/15.7/virt-launcher:1.4.0-150700.1.6 , suse/sles/15.7/virt-launcher:1.4.0.34.111 Container Release : 34.111 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 The following package changes have been done: - sles-release-15.7-150700.23.1 updated - timezone-2025a-150600.91.3.1 updated - suse-module-tools-15.7.5-150700.1.1 updated - xen-libs-4.20.0_08-150700.2.3 updated - container:sles15-image-15.7.0-3.39 updated From sle-container-updates at lists.suse.com Mon Mar 24 12:33:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Mar 2025 13:33:54 +0100 (CET) Subject: SUSE-CU-2025:1983-1: Recommended update of suse/sles/15.7/libguestfs-tools Message-ID: <20250324123354.5AA9FFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1983-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.4.0 , suse/sles/15.7/libguestfs-tools:1.4.0-150700.1.6 , suse/sles/15.7/libguestfs-tools:1.4.0.28.148 Container Release : 28.148 Severity : important Type : recommended References : 1189788 1216091 1236481 1237044 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - sles-release-15.7-150700.23.1 updated - libzypp-17.36.3-150600.3.50.1 updated - zypper-1.14.85-150600.10.28.1 updated - mdadm-4.4-150700.1.3 updated - xen-libs-4.20.0_08-150700.2.3 updated - suse-module-tools-15.7.5-150700.1.1 updated - container:sles15-image-15.7.0-3.39 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:03:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:03:26 +0100 (CET) Subject: SUSE-CU-2025:1988-1: Recommended update of containers/open-webui Message-ID: <20250325080326.A7FE5FB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1988-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.10 Container Release : 9.10 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:04:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:04:33 +0100 (CET) Subject: SUSE-IU-2025:789-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250325080433.DEA13FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:789-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.154 , suse/sle-micro/base-5.5:latest Image Release : 5.8.154 Severity : important Type : security References : 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - libfreetype6-2.10.4-150000.4.18.1 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:17:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:17:17 +0100 (CET) Subject: SUSE-CU-2025:2001-1: Recommended update of suse/389-ds Message-ID: <20250325081717.B2159FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2001-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.14 , suse/389-ds:latest Container Release : 36.14 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:17:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:17:46 +0100 (CET) Subject: SUSE-CU-2025:2002-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250325081746.72F15FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2002-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.14 , bci/dotnet-aspnet:8.0.14-48.4 Container Release : 48.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:17:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:17:57 +0100 (CET) Subject: SUSE-CU-2025:2003-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250325081757.B79F7FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2003-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.3 , bci/dotnet-aspnet:9.0.3-6.4 , bci/dotnet-aspnet:latest Container Release : 6.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:18:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:18:26 +0100 (CET) Subject: SUSE-CU-2025:2004-1: Recommended update of bci/dotnet-sdk Message-ID: <20250325081826.E44D9FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2004-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.14 , bci/dotnet-sdk:8.0.14-52.4 Container Release : 52.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:18:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:18:37 +0100 (CET) Subject: SUSE-CU-2025:2005-1: Recommended update of bci/dotnet-sdk Message-ID: <20250325081837.D2D40FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2005-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.3 , bci/dotnet-sdk:9.0.3-7.4 , bci/dotnet-sdk:latest Container Release : 7.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:19:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:19:06 +0100 (CET) Subject: SUSE-CU-2025:2006-1: Recommended update of bci/dotnet-runtime Message-ID: <20250325081906.3DCA7FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2006-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.14 , bci/dotnet-runtime:8.0.14-48.4 Container Release : 48.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:19:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:19:17 +0100 (CET) Subject: SUSE-CU-2025:2007-1: Recommended update of bci/dotnet-runtime Message-ID: <20250325081917.A48B8FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2007-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.3 , bci/dotnet-runtime:9.0.3-6.4 , bci/dotnet-runtime:latest Container Release : 6.4 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:19:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:19:33 +0100 (CET) Subject: SUSE-CU-2025:2008-1: Recommended update of bci/gcc Message-ID: <20250325081933.BC070FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2008-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.40 , bci/gcc:latest Container Release : 8.40 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:19:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:19:56 +0100 (CET) Subject: SUSE-CU-2025:2009-1: Recommended update of suse/git Message-ID: <20250325081956.499BAFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2009-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-37.9 , suse/git:latest Container Release : 37.9 Severity : moderate Type : recommended References : 1236826 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 The following package changes have been done: - openssh-common-9.6p1-150600.6.18.4 updated - openssh-clients-9.6p1-150600.6.18.4 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:20:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:20:18 +0100 (CET) Subject: SUSE-CU-2025:2010-1: Recommended update of bci/golang Message-ID: <20250325082019.017BAFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2010-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.7 , bci/golang:1.23.7-2.34.22 , bci/golang:oldstable , bci/golang:oldstable-2.34.22 Container Release : 34.22 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:20:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:20:44 +0100 (CET) Subject: SUSE-CU-2025:2011-1: Recommended update of bci/golang Message-ID: <20250325082044.B927DFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2011-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.42 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.42 Container Release : 55.42 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:21:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:21:11 +0100 (CET) Subject: SUSE-CU-2025:2012-1: Recommended update of bci/golang Message-ID: <20250325082111.0B018FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2012-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.1 , bci/golang:1.24.1-1.34.22 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.22 Container Release : 34.22 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:21:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:21:37 +0100 (CET) Subject: SUSE-CU-2025:2013-1: Recommended update of bci/golang Message-ID: <20250325082137.EBE70FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2013-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.41 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.41 Container Release : 55.41 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:22:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:22:04 +0100 (CET) Subject: SUSE-CU-2025:2014-1: Recommended update of bci/bci-init Message-ID: <20250325082204.BC37CFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2014-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.16 , bci/bci-init:latest Container Release : 31.16 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:22:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:22:40 +0100 (CET) Subject: SUSE-CU-2025:2015-1: Recommended update of bci/kiwi Message-ID: <20250325082240.896B3FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2015-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.18 , bci/kiwi:latest Container Release : 22.18 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:23:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:23:04 +0100 (CET) Subject: SUSE-CU-2025:2016-1: Recommended update of suse/nginx Message-ID: <20250325082304.18A1CFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2016-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.41 , suse/nginx:latest Container Release : 51.41 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:23:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:23:31 +0100 (CET) Subject: SUSE-CU-2025:2017-1: Recommended update of bci/nodejs Message-ID: <20250325082331.D895DFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2017-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.45 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.45 , bci/nodejs:latest Container Release : 48.45 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:23:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:23:38 +0100 (CET) Subject: SUSE-CU-2025:2018-1: Recommended update of bci/nodejs Message-ID: <20250325082338.60765FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2018-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.33 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.33 Container Release : 31.33 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 08:24:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 09:24:50 +0100 (CET) Subject: SUSE-CU-2025:2020-1: Recommended update of bci/openjdk Message-ID: <20250325082450.8856FFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2020-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.17 , bci/openjdk:latest Container Release : 33.17 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:36:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:36:35 +0100 (CET) Subject: SUSE-CU-2025:2020-1: Recommended update of bci/openjdk Message-ID: <20250325103635.6D61EFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2020-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.17 , bci/openjdk:latest Container Release : 33.17 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:37:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:37:05 +0100 (CET) Subject: SUSE-CU-2025:2021-1: Recommended update of suse/pcp Message-ID: <20250325103705.AEE8CFCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2021-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.50 , suse/pcp:latest Container Release : 42.50 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:bci-bci-init-15.6-f340a09bdec8f91435ec3d24f88da2b41d4971103d7a77ff6046c36217b2f1c8-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:37:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:37:40 +0100 (CET) Subject: SUSE-CU-2025:2022-1: Recommended update of bci/php-apache Message-ID: <20250325103740.62740FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2022-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.45 , bci/php-apache:latest Container Release : 48.45 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:38:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:38:16 +0100 (CET) Subject: SUSE-CU-2025:2023-1: Recommended update of bci/php-fpm Message-ID: <20250325103816.DA163FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2023-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.45 , bci/php-fpm:latest Container Release : 48.45 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:43:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:43:23 +0100 (CET) Subject: SUSE-CU-2025:2024-1: Recommended update of bci/php Message-ID: <20250325104323.3A7A6FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2024-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.39 , bci/php:latest Container Release : 48.39 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:44:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:44:10 +0100 (CET) Subject: SUSE-CU-2025:2025-1: Recommended update of bci/python Message-ID: <20250325104410.17453FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2025-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.6 Container Release : 62.6 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:44:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:44:52 +0100 (CET) Subject: SUSE-CU-2025:2026-1: Recommended update of bci/python Message-ID: <20250325104452.0913EFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2026-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.6 , bci/python:latest Container Release : 63.6 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:45:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:45:28 +0100 (CET) Subject: SUSE-CU-2025:2027-1: Recommended update of bci/python Message-ID: <20250325104528.630AEFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2027-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.43 Container Release : 60.43 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:45:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:45:49 +0100 (CET) Subject: SUSE-CU-2025:2028-1: Recommended update of suse/rmt-server Message-ID: <20250325104549.838D9FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2028-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.12 , suse/rmt-server:latest Container Release : 37.12 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:46:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:46:26 +0100 (CET) Subject: SUSE-CU-2025:2029-1: Recommended update of bci/ruby Message-ID: <20250325104626.B7F9FFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2029-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.46 , bci/ruby:latest Container Release : 31.46 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:47:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:47:01 +0100 (CET) Subject: SUSE-CU-2025:2030-1: Recommended update of bci/rust Message-ID: <20250325104701.227BFFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2030-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.1 , bci/rust:1.84.1-2.2.7 , bci/rust:oldstable , bci/rust:oldstable-2.2.7 Container Release : 2.7 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:47:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:47:43 +0100 (CET) Subject: SUSE-CU-2025:2031-1: Recommended update of bci/rust Message-ID: <20250325104743.A6DD0FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2031-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.0 , bci/rust:1.85.0-1.2.6 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.6 Container Release : 2.6 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:49:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:49:20 +0100 (CET) Subject: SUSE-CU-2025:2032-1: Recommended update of containers/python Message-ID: <20250325104920.A5299FCE3@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2032-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-45.6 Container Release : 45.6 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:49:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:49:36 +0100 (CET) Subject: SUSE-CU-2025:2033-1: Recommended update of containers/python Message-ID: <20250325104936.19787FCE3@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2033-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-52.5 Container Release : 52.5 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:50:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:50:22 +0100 (CET) Subject: SUSE-CU-2025:2034-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250325105022.E4EB4FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2034-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.18 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.18 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 10:51:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 11:51:05 +0100 (CET) Subject: SUSE-CU-2025:2035-1: Recommended update of bci/spack Message-ID: <20250325105105.9E2B1FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2035-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.12 , bci/spack:latest Container Release : 5.12 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:32:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:32:05 +0100 (CET) Subject: SUSE-CU-2025:2040-1: Security update of containers/open-webui Message-ID: <20250325133205.AC61FFCE3@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2040-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.11 Container Release : 9.11 Severity : important Type : security References : 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - libprotobuf25_5_0-25.5-150600.2.45 updated - libfreetype6-2.10.4-150000.4.18.1 updated - python311-protobuf-4.25.5-150600.2.45 updated - python311-numpy1-1.26.4-150600.1.28 updated - python311-scipy-1.14.1-150600.1.29 updated - python311-pandas-2.2.3-150600.1.29 updated - python311-scikit-learn-1.5.1-150600.1.31 updated - python311-open-webui-0.5.14-150600.1.10 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:33:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:33:43 +0100 (CET) Subject: SUSE-IU-2025:805-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250325133343.D5344FCE3@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:805-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.155 , suse/sle-micro/base-5.5:latest Image Release : 5.8.155 Severity : moderate Type : recommended References : 1237187 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:999-1 Released: Tue Mar 25 09:30:28 2025 Summary: Recommended update for rsync Type: recommended Severity: moderate References: 1237187 This update for rsync fixes the following issues: - Broken rsyncd after protocol bump, regression reported (bsc#1237187). The following package changes have been done: - rsync-3.2.3-150400.3.23.3 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:34:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:34:24 +0100 (CET) Subject: SUSE-IU-2025:806-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250325133424.F3ED3FCE3@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:806-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.296 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.296 Severity : moderate Type : recommended References : 1237187 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:999-1 Released: Tue Mar 25 09:30:28 2025 Summary: Recommended update for rsync Type: recommended Severity: moderate References: 1237187 This update for rsync fixes the following issues: - Broken rsyncd after protocol bump, regression reported (bsc#1237187). The following package changes have been done: - rsync-3.2.3-150400.3.23.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.155 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:35:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:35:25 +0100 (CET) Subject: SUSE-IU-2025:807-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250325133525.C0A69FCE3@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:807-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.344 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.344 Severity : moderate Type : recommended References : 1237187 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:999-1 Released: Tue Mar 25 09:30:28 2025 Summary: Recommended update for rsync Type: recommended Severity: moderate References: 1237187 This update for rsync fixes the following issues: - Broken rsyncd after protocol bump, regression reported (bsc#1237187). The following package changes have been done: - rsync-3.2.3-150400.3.23.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.263 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:36:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:36:27 +0100 (CET) Subject: SUSE-IU-2025:808-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250325133627.41180FCE3@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:808-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.263 , suse/sle-micro/5.5:latest Image Release : 5.5.263 Severity : moderate Type : recommended References : 1237187 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:999-1 Released: Tue Mar 25 09:30:28 2025 Summary: Recommended update for rsync Type: recommended Severity: moderate References: 1237187 This update for rsync fixes the following issues: - Broken rsyncd after protocol bump, regression reported (bsc#1237187). The following package changes have been done: - rsync-3.2.3-150400.3.23.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.155 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:48:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:48:30 +0100 (CET) Subject: SUSE-CU-2025:2049-1: Security update of bci/kiwi Message-ID: <20250325134830.28753FCE8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2049-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.19 , bci/kiwi:latest Container Release : 22.19 Severity : important Type : security References : 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - libfreetype6-2.10.4-150000.4.18.1 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:48:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:48:54 +0100 (CET) Subject: SUSE-CU-2025:2050-1: Security update of suse/nginx Message-ID: <20250325134854.0C17AFCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2050-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.42 , suse/nginx:latest Container Release : 51.42 Severity : important Type : security References : 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - libfreetype6-2.10.4-150000.4.18.1 updated From sle-container-updates at lists.suse.com Tue Mar 25 13:49:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Mar 2025 14:49:28 +0100 (CET) Subject: SUSE-CU-2025:2051-1: Security update of bci/openjdk Message-ID: <20250325134928.F1A86FCE8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2051-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.18 , bci/openjdk:latest Container Release : 33.18 Severity : important Type : security References : 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - libfreetype6-2.10.4-150000.4.18.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:02:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:02:57 +0100 (CET) Subject: SUSE-CU-2025:2054-1: Recommended update of containers/milvus Message-ID: <20250326080257.89325FCE3@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2054-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.70 Container Release : 7.70 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libprotobuf25_5_0-25.5-150600.2.46 updated - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:04:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:04:09 +0100 (CET) Subject: SUSE-CU-2025:2055-1: Recommended update of containers/open-webui Message-ID: <20250326080409.A341DFB9D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2055-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.12 Container Release : 9.12 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libprotobuf25_5_0-25.5-150600.2.46 updated - libsystemd0-254.24-150600.4.28.1 updated - python311-protobuf-4.25.5-150600.2.46 updated - python311-open-webui-0.5.14-150600.1.11 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:08:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:08:22 +0100 (CET) Subject: SUSE-CU-2025:2056-1: Recommended update of suse/389-ds Message-ID: <20250326080822.A98B5FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2056-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.15 , suse/389-ds:latest Container Release : 36.15 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:08:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:08:28 +0100 (CET) Subject: SUSE-CU-2025:2057-1: Recommended update of suse/cosign Message-ID: <20250326080828.F20E6FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2057-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.36 , suse/cosign:latest Container Release : 8.36 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libudev1-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:08:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:08:53 +0100 (CET) Subject: SUSE-CU-2025:2058-1: Recommended update of bci/gcc Message-ID: <20250326080853.2B607FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2058-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.41 , bci/gcc:latest Container Release : 8.41 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:09:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:09:29 +0100 (CET) Subject: SUSE-CU-2025:2059-1: Recommended update of bci/golang Message-ID: <20250326080929.40449FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2059-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.43 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.43 Container Release : 55.43 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:10:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:10:10 +0100 (CET) Subject: SUSE-CU-2025:2060-1: Recommended update of bci/golang Message-ID: <20250326081010.C4D1EFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2060-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.1 , bci/golang:1.24.1-1.34.23 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.23 Container Release : 34.23 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:10:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:10:48 +0100 (CET) Subject: SUSE-CU-2025:2061-1: Recommended update of bci/golang Message-ID: <20250326081048.CD923FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2061-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.42 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.42 Container Release : 55.42 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:11:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:11:15 +0100 (CET) Subject: SUSE-CU-2025:2062-1: Security update of suse/helm Message-ID: <20250326081115.223E7FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2062-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.2 , suse/helm:3.17.2-37.9 , suse/helm:latest Container Release : 37.9 Severity : moderate Type : security References : 1238688 CVE-2025-22870 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1007-1 Released: Tue Mar 25 09:44:39 2025 Summary: Security update for helm Type: security Severity: moderate References: 1238688,CVE-2025-22870 This update for helm fixes the following issues: - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238688). Other fixes: - Updated to version 3.17.2 - Updated to 0.37.0 for x/net The following package changes have been done: - helm-3.17.2-150000.1.44.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:11:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:11:52 +0100 (CET) Subject: SUSE-CU-2025:2063-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250326081152.F1EEBFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2063-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.18 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.18 Severity : important Type : security References : 1234015 1236643 1236826 1236886 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libfreetype6-2.10.4-150000.4.18.1 updated - libsystemd0-254.24-150600.4.28.1 updated - libudev1-254.24-150600.4.28.1 updated - openssh-clients-9.6p1-150600.6.18.4 updated - openssh-common-9.6p1-150600.6.18.4 updated - openssh-server-9.6p1-150600.6.18.4 updated - openssh-9.6p1-150600.6.18.4 updated - systemd-254.24-150600.4.28.1 updated - udev-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:12:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:12:27 +0100 (CET) Subject: SUSE-CU-2025:2064-1: Recommended update of bci/bci-init Message-ID: <20250326081227.E138BFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2064-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.17 , bci/bci-init:latest Container Release : 31.17 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - systemd-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:13:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:13:09 +0100 (CET) Subject: SUSE-CU-2025:2065-1: Recommended update of bci/kiwi Message-ID: <20250326081309.546DEFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2065-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.20 , bci/kiwi:latest Container Release : 22.20 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - systemd-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:13:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:13:42 +0100 (CET) Subject: SUSE-CU-2025:2066-1: Recommended update of bci/nodejs Message-ID: <20250326081342.DD1CDFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2066-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.46 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.46 , bci/nodejs:latest Container Release : 48.46 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:13:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:13:50 +0100 (CET) Subject: SUSE-CU-2025:2067-1: Recommended update of bci/nodejs Message-ID: <20250326081350.6BEF1FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2067-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.34 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.34 Container Release : 31.34 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:13:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:13:56 +0100 (CET) Subject: SUSE-CU-2025:2068-1: Security update of bci/openjdk-devel Message-ID: <20250326081356.43AC2FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2068-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.13 Container Release : 4.13 Severity : important Type : security References : 1227637 1236165 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libfreetype6-2.10.4-150000.4.18.1 updated - container:bci-openjdk-17-ba68096b1b1eb65d2ee4a8426ef7484a25a2038d8bf092b2deaeb781ded9e06d-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:14:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:14:01 +0100 (CET) Subject: SUSE-CU-2025:2069-1: Security update of bci/openjdk Message-ID: <20250326081401.A9E24FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2069-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.9 Container Release : 4.9 Severity : important Type : security References : 1227637 1236165 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libfreetype6-2.10.4-150000.4.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-9c4d06ece69b130094c7f3750b2c9fc3b133462def45fa11634894cf7ea4d621-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:14:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:14:45 +0100 (CET) Subject: SUSE-CU-2025:2070-1: Security update of bci/openjdk-devel Message-ID: <20250326081445.6935AFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2070-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.28 , bci/openjdk-devel:latest Container Release : 33.28 Severity : important Type : security References : 1239465 CVE-2025-27363 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). The following package changes have been done: - libfreetype6-2.10.4-150000.4.18.1 updated - container:bci-openjdk-21-7292ec9abd75aeabb976f90a89e6b33642de5fc48286643a284cc4cc823427e2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:15:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:15:25 +0100 (CET) Subject: SUSE-CU-2025:2071-1: Recommended update of bci/openjdk Message-ID: <20250326081525.F10CEFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2071-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.19 , bci/openjdk:latest Container Release : 33.19 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:15:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:15:57 +0100 (CET) Subject: SUSE-CU-2025:2072-1: Recommended update of suse/postgres Message-ID: <20250326081557.34F5AFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2072-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.9 Container Release : 61.9 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:16:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:16:42 +0100 (CET) Subject: SUSE-CU-2025:2073-1: Recommended update of bci/python Message-ID: <20250326081642.EB5B8FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2073-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.7 Container Release : 62.7 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 08:17:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 09:17:18 +0100 (CET) Subject: SUSE-CU-2025:2074-1: Recommended update of bci/python Message-ID: <20250326081718.10DF0FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2074-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.44 Container Release : 60.44 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:27:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:27:29 +0100 (CET) Subject: SUSE-CU-2025:2086-1: Recommended update of suse/git Message-ID: <20250326102729.0C416FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2086-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-37.12 , suse/git:latest Container Release : 37.12 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libudev1-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:27:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:27:59 +0100 (CET) Subject: SUSE-CU-2025:2087-1: Recommended update of bci/golang Message-ID: <20250326102759.D8411FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2087-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.7 , bci/golang:1.23.7-2.34.25 , bci/golang:oldstable , bci/golang:oldstable-2.34.25 Container Release : 34.25 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:31:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:31:24 +0100 (CET) Subject: SUSE-CU-2025:2094-1: Recommended update of bci/openjdk Message-ID: <20250326103124.BA70CFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2094-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.12 Container Release : 4.12 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:31:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:31:54 +0100 (CET) Subject: SUSE-CU-2025:2095-1: Recommended update of suse/pcp Message-ID: <20250326103154.D3B72FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2095-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.53 , suse/pcp:latest Container Release : 42.53 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - systemd-254.24-150600.4.28.1 updated - container:bci-bci-init-15.6-74f8509c1c179646c0722578b24d04aa63d23ba40fe52e7a9218800202cafcdb-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:32:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:32:30 +0100 (CET) Subject: SUSE-CU-2025:2096-1: Security update of bci/php-apache Message-ID: <20250326103230.95A91FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2096-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.28 , bci/php-apache:8.2.28-48.49 , bci/php-apache:latest Container Release : 48.49 Severity : important Type : security References : 1234015 1236643 1236886 1239664 1239666 1239667 1239668 1239669 1239670 CVE-2024-11235 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1012-1 Released: Tue Mar 25 13:47:29 2025 Summary: Security update for php8 Type: security Severity: important References: 1239664,1239666,1239667,1239668,1239669,1239670,CVE-2024-11235,CVE-2025-1217,CVE-2025-1219,CVE-2025-1734,CVE-2025-1736,CVE-2025-1861 This update for php8 fixes the following issues: - CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling folded headers (bsc#1239664) - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when requesting a redirected resource (bsc#1239667) - CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668) - CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669) - CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670) Version update to 8.2.28: Core: Fixed bug GH-17211 (observer segfault on function loaded with dl()). LibXML: Fixed GHSA-wg4p-4hqh-c3g9. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). Version update version 8.2.27 Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Curl: Fix various memory leaks in curl mime handling. FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Revert gmp_pow() overly restrictive overflow checks. Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SNMP: Fixed bug GH-16959 (snmget modifies the object_id array). Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Streams: Fixed network connect poll interuption handling. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - php8-cli-8.2.28-150600.3.16.1 updated - php8-8.2.28-150600.3.16.1 updated - apache2-mod_php8-8.2.28-150600.3.16.1 updated - php8-openssl-8.2.28-150600.3.16.1 updated - php8-mbstring-8.2.28-150600.3.16.1 updated - php8-zlib-8.2.28-150600.3.16.1 updated - php8-zip-8.2.28-150600.3.16.1 updated - php8-curl-8.2.28-150600.3.16.1 updated - php8-phar-8.2.28-150600.3.16.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:33:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:33:04 +0100 (CET) Subject: SUSE-CU-2025:2097-1: Security update of bci/php-fpm Message-ID: <20250326103304.783C7FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2097-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.28 , bci/php-fpm:8.2.28-48.49 , bci/php-fpm:latest Container Release : 48.49 Severity : important Type : security References : 1234015 1236643 1236886 1239664 1239666 1239667 1239668 1239669 1239670 CVE-2024-11235 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1012-1 Released: Tue Mar 25 13:47:29 2025 Summary: Security update for php8 Type: security Severity: important References: 1239664,1239666,1239667,1239668,1239669,1239670,CVE-2024-11235,CVE-2025-1217,CVE-2025-1219,CVE-2025-1734,CVE-2025-1736,CVE-2025-1861 This update for php8 fixes the following issues: - CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling folded headers (bsc#1239664) - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when requesting a redirected resource (bsc#1239667) - CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668) - CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669) - CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670) Version update to 8.2.28: Core: Fixed bug GH-17211 (observer segfault on function loaded with dl()). LibXML: Fixed GHSA-wg4p-4hqh-c3g9. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). Version update version 8.2.27 Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Curl: Fix various memory leaks in curl mime handling. FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Revert gmp_pow() overly restrictive overflow checks. Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SNMP: Fixed bug GH-16959 (snmget modifies the object_id array). Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Streams: Fixed network connect poll interuption handling. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - php8-cli-8.2.28-150600.3.16.1 updated - libsystemd0-254.24-150600.4.28.1 updated - php8-8.2.28-150600.3.16.1 updated - php8-fpm-8.2.28-150600.3.16.1 updated - php8-openssl-8.2.28-150600.3.16.1 updated - php8-mbstring-8.2.28-150600.3.16.1 updated - php8-zlib-8.2.28-150600.3.16.1 updated - php8-zip-8.2.28-150600.3.16.1 updated - php8-curl-8.2.28-150600.3.16.1 updated - php8-phar-8.2.28-150600.3.16.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:33:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:33:34 +0100 (CET) Subject: SUSE-CU-2025:2098-1: Security update of bci/php Message-ID: <20250326103334.C2B3DFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2098-1 Container Tags : bci/php:8 , bci/php:8.2.28 , bci/php:8.2.28-48.42 , bci/php:latest Container Release : 48.42 Severity : important Type : security References : 1239664 1239666 1239667 1239668 1239669 1239670 CVE-2024-11235 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1012-1 Released: Tue Mar 25 13:47:29 2025 Summary: Security update for php8 Type: security Severity: important References: 1239664,1239666,1239667,1239668,1239669,1239670,CVE-2024-11235,CVE-2025-1217,CVE-2025-1219,CVE-2025-1734,CVE-2025-1736,CVE-2025-1861 This update for php8 fixes the following issues: - CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling folded headers (bsc#1239664) - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when requesting a redirected resource (bsc#1239667) - CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668) - CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669) - CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670) Version update to 8.2.28: Core: Fixed bug GH-17211 (observer segfault on function loaded with dl()). LibXML: Fixed GHSA-wg4p-4hqh-c3g9. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). Version update version 8.2.27 Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Curl: Fix various memory leaks in curl mime handling. FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Revert gmp_pow() overly restrictive overflow checks. Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SNMP: Fixed bug GH-16959 (snmget modifies the object_id array). Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Streams: Fixed network connect poll interuption handling. The following package changes have been done: - php8-cli-8.2.28-150600.3.16.1 updated - php8-8.2.28-150600.3.16.1 updated - php8-openssl-8.2.28-150600.3.16.1 updated - php8-mbstring-8.2.28-150600.3.16.1 updated - php8-zlib-8.2.28-150600.3.16.1 updated - php8-readline-8.2.28-150600.3.16.1 updated - php8-curl-8.2.28-150600.3.16.1 updated - php8-phar-8.2.28-150600.3.16.1 updated - php8-zip-8.2.28-150600.3.16.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:33:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:33:48 +0100 (CET) Subject: SUSE-CU-2025:2099-1: Recommended update of suse/postgres Message-ID: <20250326103348.B8F7FFCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2099-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.11 , suse/postgres:latest Container Release : 42.11 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:35:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:35:21 +0100 (CET) Subject: SUSE-CU-2025:2101-1: Recommended update of bci/python Message-ID: <20250326103521.6C987FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2101-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.9 , bci/python:latest Container Release : 63.9 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:35:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:35:59 +0100 (CET) Subject: SUSE-CU-2025:2074-1: Recommended update of bci/python Message-ID: <20250326103559.06407FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2074-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.44 Container Release : 60.44 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:36:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:36:22 +0100 (CET) Subject: SUSE-CU-2025:2103-1: Recommended update of suse/rmt-server Message-ID: <20250326103622.6EAB9FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2103-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.15 , suse/rmt-server:latest Container Release : 37.15 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libudev1-254.24-150600.4.28.1 updated - container:registry.suse.com-bci-bci-base-15.6-35b37108e267992f6a9e4a847e4ed01ef916cde04311c5ba8d2bad59054116c2-0 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:36:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:36:59 +0100 (CET) Subject: SUSE-CU-2025:2104-1: Recommended update of bci/ruby Message-ID: <20250326103659.D83B5FCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2104-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.47 , bci/ruby:latest Container Release : 31.47 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:40:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:40:49 +0100 (CET) Subject: SUSE-CU-2025:2109-1: Recommended update of suse/sle15 Message-ID: <20250326104049.84E35FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2109-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.20 , suse/sle15:15.6 , suse/sle15:15.6.47.20.20 Container Release : 47.20.20 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libudev1-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:41:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:41:32 +0100 (CET) Subject: SUSE-CU-2025:2110-1: Recommended update of bci/spack Message-ID: <20250326104132.B3D3AFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2110-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.13 , bci/spack:latest Container Release : 5.13 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:41:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:41:54 +0100 (CET) Subject: SUSE-CU-2025:2114-1: Recommended update of bci/bci-init Message-ID: <20250326104154.867BAFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2114-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.62 Container Release : 3.62 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libopenssl3-3.2.3-150700.3.11 updated - libopenssl-3-fips-provider-3.2.3-150700.3.11 updated - sles-release-15.7-150700.23.3 updated - libsystemd0-254.24-150600.4.28.1 updated - systemd-254.24-150600.4.28.1 updated - container:sles15-image-15.7.0-4.2.42 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:42:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:42:15 +0100 (CET) Subject: SUSE-CU-2025:2117-1: Recommended update of bci/python Message-ID: <20250326104215.4636AFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2117-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-5.7 Container Release : 5.7 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libopenssl3-3.2.3-150700.3.11 updated - libopenssl-3-fips-provider-3.2.3-150700.3.11 updated - openssl-3-3.2.3-150700.3.11 updated - libpython3_13-1_0-3.13.0-150700.2.13 updated - python313-base-3.13.0-150700.2.13 updated - libsystemd0-254.24-150600.4.28.1 updated - python313-devel-3.13.0-150700.2.13 updated - container:sles15-image-15.7.0-4.2.42 updated From sle-container-updates at lists.suse.com Wed Mar 26 10:42:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Mar 2025 11:42:22 +0100 (CET) Subject: SUSE-CU-2025:2118-1: Recommended update of bci/ruby Message-ID: <20250326104222.0669EFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2118-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.12 Container Release : 4.12 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libopenssl3-3.2.3-150700.3.11 updated - libopenssl-3-fips-provider-3.2.3-150700.3.11 updated - libruby2_5-2_5-2.5.9-150700.22.8 updated - libruby3_4-3_4-3.4.1-150700.1.5 updated - libsystemd0-254.24-150600.4.28.1 updated - ruby2.5-stdlib-2.5.9-150700.22.8 updated - ruby2.5-rubygem-gem2rpm-0.10.1-150700.20.7 updated - ruby2.5-2.5.9-150700.22.8 updated - ruby3.4-3.4.1-150700.1.5 updated - ruby3.4-devel-3.4.1-150700.1.5 updated - container:sles15-image-15.7.0-4.2.42 updated From sle-container-updates at lists.suse.com Thu Mar 27 08:15:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 09:15:39 +0100 (CET) Subject: SUSE-CU-2025:2138-1: Recommended update of suse/sle15 Message-ID: <20250327081539.2C7D8FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2138-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.43 , suse/sle15:15.7 , suse/sle15:15.7-4.2.43 Container Release : 4.2.43 Severity : important Type : recommended References : 1234015 1236643 1236886 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - libudev1-254.24-150600.4.28.1 updated - sle-module-basesystem-release-15.7-150700.24.1 updated - sle-module-python3-release-15.7-150700.24.1 updated - sle-module-server-applications-release-15.7-150700.24.1 updated - sles-release-15.7-150700.24.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:26:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:26:07 +0100 (CET) Subject: SUSE-IU-2025:820-1: Security update of suse/sle-micro/5.5 Message-ID: <20250327162607.98C96FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:820-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.264 , suse/sle-micro/5.5:latest Image Release : 5.5.264 Severity : important Type : security References : 1239330 CVE-2024-6104 CVE-2025-22869 CVE-2025-27144 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1038-1 Released: Thu Mar 27 10:44:35 2025 Summary: Security update for podman Type: security Severity: important References: 1239330,CVE-2024-6104,CVE-2025-22869,CVE-2025-27144 This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330). The following package changes have been done: - podman-4.9.5-150500.3.40.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:29:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:29:04 +0100 (CET) Subject: SUSE-CU-2025:2143-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250327162904.CB373FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2143-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.103 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.103 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:30:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:30:29 +0100 (CET) Subject: SUSE-CU-2025:2144-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250327163029.31466FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2144-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.103 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.103 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:31:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:31:12 +0100 (CET) Subject: SUSE-CU-2025:2145-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250327163112.02CB8FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2145-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.61 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.61 , suse/ltss/sle15.3/sle15:latest Container Release : 2.61 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:32:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:32:20 +0100 (CET) Subject: SUSE-CU-2025:2147-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250327163220.6AE34FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2147-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.30 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.30 , suse/ltss/sle15.4/sle15:latest Container Release : 2.30 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:35:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:35:23 +0100 (CET) Subject: SUSE-CU-2025:2148-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250327163523.96DA1FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2148-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.20 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.20 , suse/ltss/sle15.5/sle15:latest Container Release : 4.20 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:35:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:35:34 +0100 (CET) Subject: SUSE-CU-2025:2149-1: Recommended update of suse/cosign Message-ID: <20250327163534.2AB95FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2149-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.39 , suse/cosign:latest Container Release : 8.39 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:36:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:36:12 +0100 (CET) Subject: SUSE-CU-2025:2150-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250327163612.EA277FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2150-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.19 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.19 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:38:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:38:13 +0100 (CET) Subject: SUSE-CU-2025:2151-1: Recommended update of suse/sle15 Message-ID: <20250327163813.85018FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2151-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.21 , suse/sle15:15.6 , suse/sle15:15.6.47.20.21 Container Release : 47.20.21 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:39:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:39:27 +0100 (CET) Subject: SUSE-CU-2025:2163-1: Recommended update of suse/sle15 Message-ID: <20250327163927.AD62DFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2163-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.44 , suse/sle15:15.7 , suse/sle15:15.7-4.2.44 Container Release : 4.2.44 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:41:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:41:52 +0100 (CET) Subject: SUSE-CU-2025:2167-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250327164152.03B3CFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2167-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.99 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.99 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Thu Mar 27 16:46:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Mar 2025 17:46:23 +0100 (CET) Subject: SUSE-CU-2025:2169-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250327164623.EE44DFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2169-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.101 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.101 Severity : moderate Type : recommended References : 1236779 1237294 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted The following package changes have been done: - suse-build-key-12.0-150000.8.58.1 updated From sle-container-updates at lists.suse.com Fri Mar 28 08:06:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:06:47 +0100 (CET) Subject: SUSE-IU-2025:821-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250328080647.AC083FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:821-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.14 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.14 Severity : important Type : recommended References : 1213470 1221385 1221386 1222979 1222983 1222984 1222986 1222987 1223252 1225381 1226274 1227298 1227399 1228046 1228047 1228048 1228050 1228051 1228052 1228216 1228255 1228256 1228257 1228258 1230400 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 CVE-2024-23672 CVE-2024-23984 CVE-2024-24549 CVE-2024-24968 CVE-2024-29857 CVE-2024-30171 CVE-2024-30172 CVE-2024-34750 CVE-2024-4076 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 54 Released: Thu Mar 27 12:45:03 2025 Summary: Recommended update for strace Type: recommended Severity: moderate References: 1228216,1230400,CVE-2024-23984,CVE-2024-24968 This update for strace fixes the following issues: - Update to strace 6.13 * Implemented decoding of getxattrat, setxattrat, listxattrat, and removexattrat syscalls. * Updated decoding of struct io_uring_clone_buffers, struct io_uring_napi, and struct perf_event_attr. * Updated decoding of crypto_user_alg netlink attributes of NETLINK_CRYPTO. * Implemented decoding of IFLA_MCTP_PHYS_BINDING netlink attribute. * Updated lists of AT_*, BPF_*, FAN_*, IORING_*, MADV_*, NT_*, and SCM_* constants. * Updated lists of ioctl commands from Linux 6.13. - Update to strace 6.12 * Implemented decoding of EPIOCGPARAMS and EPIOCSPARAMS ioctl commands. * Implemented decoding of NS_GET_MNTNS_ID, NS_GET_PID_FROM_PIDNS, NS_GET_TGID_FROM_PIDNS, NS_GET_PID_IN_PIDNS, NS_GET_TGID_IN_PIDNS, NS_MNT_GET_INFO, NS_MNT_GET_NEXT, and NS_MNT_GET_PREV ioctl commands. * Implemented decoding of FRA_DSCP netlink attribute. * Implemented decoding of IORING_REGISTER_CLOCK and IORING_REGISTER_CLONE_BUFFERS opcodes of io_uring_register syscall. * Updated decoding of struct landlock_ruleset_attr. * Updated lists of AUDIT_*, ETHTOOL_*, F_*, IORING_*, LSM_*, MAP_*, MSG_*, NT_*, SCHED_*, SCM_*, SO_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.12. * Fix the syscall name printed by strace when PTRACE_GET_SYSCALL_INFO is in use and a syscall is restarted by a just attached tracee using restart_syscall mechanism. - Update to strace 6.11 * Implemented decoding of uretprobe syscall. * Implemented decoding of WDIOC_GETSUPPORT and WDIOC_SETOPTIONS ioctl commands. * Enhanced decoding of unknown ioctl commands in non-abbreviated mode by printing the contents of the ioctl argument buffer in hexadecimal format. * Updated decoding of listmount, statmount, and statx syscalls. * Updated lists of ETHTOOL_*, IORING_*, IPPROTO_*, RWF_*, STATX_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.11. - Update License tag (bsc#1228216) - Update to strace 6.10 * Implemented --decode-fds=eventfd option to retrieve eventfd object details associated with eventfd file descriptors. * Implemented decoding of NETLINK_GENERIC nlctrl protocol. * Implemented decoding of F_DUPFD_QUERY fcntl. * Implemented decoding of mseal syscall. * Updated decoding of statx and prctl syscalls. * Updated decoding of BPF_RAW_TRACEPOINT_OPEN bpf command. * Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, LANDLOCK_*, PR_*, STATX_*, TCP_*, TEE_*, V4L2_*, and *_MAGIC constants. * Updated lists of ioctl commands from Linux 6.10. * Worked around a bug introduced in Linux 6.5 that affected system call tampering on riscv64. - Update to strace 6.9 * Implemented --always-show-pid option. * The --user|-u option has learned to recognize numeric UID:GID pair, allowing e.g. statically-built strace to be used without invoking nss plugins. * Implemented decoding of IORING_REGISTER_SYNC_CANCEL, IORING_REGISTER_FILE_ALLOC_RANGE, IORING_REGISTER_PBUF_STATUS, IORING_REGISTER_NAPI, and IORING_UNREGISTER_NAPI opcodes of io_uring_register syscall. * Implemented decoding of BPF_TOKEN_CREATE bpf syscall command. * Updated decoding of io_uring_register and pidfd_send_signal syscalls. * Updated lists of BPF_*, CAN_*, IORING_*, KEY_*, LSM_*, MPOL_*, NT_*, RWF_*, PIDFD_*, PTP_*, TCP_*, and *_MAGIC constants. * Updated lists of ioctl commands from Linux 6.9. - Update to strace 6.8 * Renamed --stack-traces to --stack-trace for consistency. Old option is retained for backwards compatibility. * Implemented --stack-trace-frame-limit=N option for configuring the limit of the number of printed backtrace frames. * Implemented decoding of statmount, listmount, lsm_get_self_attr, lsm_set_self_attr, and lsm_list_modules syscalls. * Implemented decoding of setsockopt(TCP_AO_ADD_KEY). * Updated decoding of landlock_create_ruleset and landlock_add_rule syscalls. * Updated decoding of SMC_DIAG_DMBINFO netlink attribute. * Updated decoding of UBI_IOCATT ioctl command. * Enhanced decoding of mount attributes of fsmount and mount_setattr syscalls. * Updated lists of BPF_*, KEXEC_*, KVM_*, PERF_*, SOL_*, STATX_*, UFFD_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.8. ----------------------------------------------------------------- Advisory ID: 55 Released: Thu Mar 27 12:47:24 2025 Summary: Recommended update for lshw Type: recommended Severity: important References: 1213470,1221385,1221386,1222979,1222983,1222984,1222986,1222987,1223252,1225381,1226274,1227298,1227399,1228046,1228047,1228048,1228050,1228051,1228052,1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147,CVE-2024-23672,CVE-2024-24549,CVE-2024-29857,CVE-2024-30171,CVE-2024-30172,CVE-2024-34750,CVE-2024-4076 This update for lshw fixes the following issues: - Update to version B.02.20 (jsc#9912): * update changelog * update data files * get rid of GTK deprecation warning * get rid of some snprintf warnings * Add support for 100Gbit interfaces The following package changes have been done: - strace-6.13-slfo.1.1_1.1 updated - lshw-B.02.20-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.13 updated From sle-container-updates at lists.suse.com Thu Mar 20 08:24:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Mar 2025 09:24:06 +0100 (CET) Subject: SUSE-CU-2025:1912-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250320082406.30A14FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1912-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.16 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.16 Severity : important Type : security References : 1012628 1215199 1219367 1220893 1220895 1220896 1222672 1222803 1225606 1225742 1225936 1225939 1225941 1225942 1225981 1227937 1228521 1230235 1230438 1230439 1230497 1231432 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232508 1232520 1232919 1233028 1233109 1233483 1233749 1234070 1234853 1234857 1234891 1234894 1234895 1234896 1234963 1235032 1235054 1235061 1235073 1235435 1235485 1235592 1235599 1235609 1235932 1235933 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236573 1236575 1236576 1236591 1236661 1236677 1236681 1236682 1236684 1236689 1236700 1236702 1236752 1236759 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237232 1237234 1237325 1237356 1237415 1237452 1237504 1237521 1237558 1237562 1237563 1237848 1237849 1237879 1237889 1237891 1237901 1237950 1238214 1238303 1238347 1238368 1238509 1238525 1238570 1238739 1238751 1238753 1238759 1238860 1238863 1238877 CVE-2023-52924 CVE-2023-52925 CVE-2024-26708 CVE-2024-26810 CVE-2024-40980 CVE-2024-41055 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-47701 CVE-2024-49884 CVE-2024-49950 CVE-2024-50029 CVE-2024-50036 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50142 CVE-2024-50185 CVE-2024-50294 CVE-2024-53123 CVE-2024-53147 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56568 CVE-2024-56579 CVE-2024-56605 CVE-2024-56633 CVE-2024-56647 CVE-2024-56720 CVE-2024-57889 CVE-2024-57948 CVE-2024-57994 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21665 CVE-2025-21667 CVE-2025-21668 CVE-2025-21673 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21705 CVE-2025-21715 CVE-2025-21716 CVE-2025-21719 CVE-2025-21724 CVE-2025-21725 CVE-2025-21728 CVE-2025-21767 CVE-2025-21790 CVE-2025-21795 CVE-2025-21799 CVE-2025-21802 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:856-1 Released: Thu Mar 13 16:46:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1215199,1219367,1222672,1222803,1225606,1225742,1225981,1227937,1228521,1230235,1230438,1230439,1230497,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232508,1232520,1232919,1233028,1233109,1233483,1233749,1234070,1234853,1234857,1234891,1234894,1234895,1234896,1234963,1235032,1235054,1235061,1235073,1235435,1235485,1235592,1235599,1235609,1235932,1235933,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236573,1236575,1236576,1236591,1236661,1236677,1236681,1236682,1236684,1236689,1236700,1236702,1236752,1236759,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237232,1237234,1237325,1237356,1237415,1237452,1237504,1237521,1237558,1237562,1237563,1237848,1237849,1237879,1237889,1237891,1237901,1237950,1238214,1238303,1238347,1238368,1238509,1238525,1238570,1238739,1238751,1238753,1238759,1238860,1238863,1238877,C VE-2023-52924,CVE-2023-52925,CVE-2024-26708,CVE-2024-26810,CVE-2024-40980,CVE-2024-41055,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-47701,CVE-2024-49884,CVE-2024-49950,CVE-2024-50029,CVE-2024-50036,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50142,CVE-2024-50185,CVE-2024-50294,CVE-2024-53123,CVE-2024-53147,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56568,CVE-2024-56579,CVE-2024-56605,CVE-2024-56633,CVE-2024-56647,CVE-2024-56720,CVE-2024-57889,CVE-2024-57948,CVE-2024-57994,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21665,CVE-2025-21667,CVE-2025-21668,CVE-2025-21673,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21705,CVE-2025-21715,CVE-2025-21716,CVE-2025-21719,CVE-2025-21724,CVE-2025-21725,CVE-2025 -21728,CVE-2025-21767,CVE-2025-21790,CVE-2025-21795,CVE-2025-21799,CVE-2025-21802 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - packaging: Turn gcc version into config.sh variable. - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] The following package changes have been done: - libgcrypt20-1.10.3-150600.3.3.1 updated - kernel-macros-6.4.0-150600.23.42.1 updated - kernel-devel-6.4.0-150600.23.42.1 updated - kernel-default-devel-6.4.0-150600.23.42.2 updated - kernel-syms-6.4.0-150600.23.42.1 updated - container:registry.suse.com-bci-bci-base-15.6-5509d0aeb86c2fa0f37d6d5949e910b9ddca414de0c075d4457366d0510bc62e-0 updated From sle-container-updates at lists.suse.com Sat Mar 22 08:02:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:02:21 +0100 (CET) Subject: SUSE-IU-2025:783-1: Security update of suse-sles-15-sp6-chost-byos-v20250320-x86_64-gen2 Message-ID: <20250322080221.8D9F4FCE3@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250320-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:783-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250320-x86_64-gen2:20250320 Image Release : Severity : important Type : security References : 1012628 1012628 1189788 1194869 1214290 1215199 1215199 1215212 1216091 1216813 1218470 1219367 1220711 1220893 1220895 1220896 1221326 1222672 1222803 1222803 1224049 1225606 1225742 1225897 1225936 1225939 1225941 1225942 1225981 1226533 1226980 1227637 1227937 1228086 1228434 1228521 1228592 1229163 1229164 1229228 1229685 1229822 1229833 1230078 1230235 1230438 1230439 1230497 1231016 1231088 1231432 1231472 1231792 1231912 1231920 1231949 1232087 1232101 1232158 1232159 1232161 1232198 1232201 1232299 1232421 1232508 1232520 1232882 1232919 1233028 1233055 1233109 1233112 1233137 1233221 1233248 1233259 1233260 1233483 1233488 1233522 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233638 1233642 1233749 1233752 1233778 1233880 1234070 1234089 1234195 1234313 1234619 1234635 1234683 1234693 1234726 1234765 1234825 1234853 1234857 1234863 1234887 1234888 1234891 1234893 1234894 1234895 1234896 1234898 1234901 1234906 1234923 1234931 1234934 1234947 1234957 1234958 1234963 1235000 1235001 1235011 1235031 1235032 1235032 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235046 1235050 1235051 1235053 1235054 1235054 1235057 1235059 1235061 1235065 1235070 1235073 1235073 1235100 1235112 1235115 1235117 1235122 1235123 1235125 1235132 1235133 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235244 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235435 1235437 1235439 1235441 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235485 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235592 1235599 1235609 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235695 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235874 1235894 1235902 1235903 1235906 1235912 1235914 1235918 1235919 1235920 1235924 1235932 1235933 1235933 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236113 1236114 1236115 1236120 1236122 1236123 1236125 1236127 1236131 1236133 1236136 1236138 1236138 1236143 1236144 1236145 1236151 1236160 1236161 1236163 1236165 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236199 1236200 1236203 1236205 1236227 1236245 1236247 1236248 1236260 1236262 1236282 1236316 1236317 1236384 1236481 1236573 1236575 1236576 1236591 1236628 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236688 1236689 1236694 1236696 1236698 1236700 1236702 1236703 1236705 1236732 1236733 1236752 1236757 1236758 1236759 1236760 1236761 1236771 1236803 1236820 1236821 1236822 1236842 1236858 1236878 1236896 1236897 1236921 1236939 1236952 1236960 1236967 1236974 1236983 1236994 1237002 1237006 1237007 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237017 1237025 1237028 1237040 1237041 1237044 1237045 1237126 1237132 1237137 1237139 1237155 1237158 1237159 1237232 1237234 1237325 1237335 1237356 1237363 1237370 1237374 1237415 1237418 1237452 1237497 1237504 1237521 1237529 1237558 1237562 1237563 1237844 1237848 1237849 1237865 1237879 1237889 1237891 1237901 1237950 1238214 1238303 1238347 1238368 1238509 1238525 1238570 1238739 1238751 1238753 1238759 1238860 1238863 1238877 1239165 CVE-2023-4016 CVE-2023-52489 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2024-12133 CVE-2024-12243 CVE-2024-13176 CVE-2024-26708 CVE-2024-26810 CVE-2024-26810 CVE-2024-29018 CVE-2024-36476 CVE-2024-39282 CVE-2024-40980 CVE-2024-41055 CVE-2024-43790 CVE-2024-43802 CVE-2024-43913 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-45306 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-45828 CVE-2024-46858 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47701 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49504 CVE-2024-49569 CVE-2024-49884 CVE-2024-49948 CVE-2024-49950 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50029 CVE-2024-50036 CVE-2024-50051 CVE-2024-50073 CVE-2024-50085 CVE-2024-50106 CVE-2024-50115 CVE-2024-50142 CVE-2024-50151 CVE-2024-50185 CVE-2024-50199 CVE-2024-50251 CVE-2024-50258 CVE-2024-50294 CVE-2024-50299 CVE-2024-50304 CVE-2024-52332 CVE-2024-53091 CVE-2024-53095 CVE-2024-53123 CVE-2024-53147 CVE-2024-53164 CVE-2024-53168 CVE-2024-53170 CVE-2024-53172 CVE-2024-53173 CVE-2024-53175 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53185 CVE-2024-53187 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53203 CVE-2024-53226 CVE-2024-53227 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53236 CVE-2024-53239 CVE-2024-53239 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56171 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56568 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56577 CVE-2024-56578 CVE-2024-56579 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56592 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56633 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56647 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56658 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56720 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56737 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57882 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57889 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-57948 CVE-2024-57994 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-21632 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21645 CVE-2025-21646 CVE-2025-21647 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21673 CVE-2025-21674 CVE-2025-21675 CVE-2025-21676 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21682 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21705 CVE-2025-21715 CVE-2025-21716 CVE-2025-21719 CVE-2025-21724 CVE-2025-21725 CVE-2025-21728 CVE-2025-21767 CVE-2025-21790 CVE-2025-21795 CVE-2025-21799 CVE-2025-21802 CVE-2025-22134 CVE-2025-24014 CVE-2025-24928 CVE-2025-26465 CVE-2025-26466 CVE-2025-27113 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250320-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:499-1 Released: Thu Feb 13 09:14:42 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1215199,1216813,1218470,1220711,1221326,1222803,1224049,1225897,1226980,1228592,1229833,1231016,1231088,1232087,1232101,1232158,1232161,1232421,1232882,1233055,1233112,1233221,1233248,1233259,1233260,1233488,1233522,1233638,1233642,1233778,1234195,1234619,1234635,1234683,1234693,1234726,1234825,1234863,1234887,1234888,1234893,1234898,1234901,1234906,1234923,1234931,1234934,1234947,1234957,1235000,1235001,1235011,1235031,1235032,1235035,1235037,1235038,1235039,1235040,1235042,1235043,1235046,1235050,1235051,1235053,1235054,1235057,1235059,1235065,1235070,1235073,1235100,1235112,1235115,1235117,1235122,1235123,1235125,1235132,1235133,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235244,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235441,1235444,1235445,1235449,1 235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,1235584,1235587,1235611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235874,1235894,1235902,1235903,1235906,1235914,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,123608 0,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236680,1236683,1236685,1236688,1236694,1236696,1236698,1236703,1236732,1236733,1236757,1236758,1236760,1236761,CVE-2023-52489,CVE-2023-52923,CVE-2024-26810,CVE-2024-36476,CVE-2024-39282,CVE-2024-43913,CVE-2024-45828,CVE-2024-46858,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47809,CVE-2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50051,CVE-2024-50106,CVE-2024-50151,CVE-2024-50199,CVE-2024-50251,CVE-2024-50258,CVE-2024-50299,CVE-2024-50304,CVE-2024-52332,CVE-2024-53091,CVE-2024-53095,CVE-2024-53164,CVE-2024-53168,CVE-2024-53170,CVE-2024-53172,CVE-2024-53175,CVE-2024-53185,CVE-2024-53187,CVE-2024-53194,CVE-2024-53195,CV E-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53203,CVE-2024-53227,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53236,CVE-2024-53239,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56538,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56557,CVE-2024-56558,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56577,CVE-2024-56578,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56592,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56620,CVE-2024- 56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56658,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE-2024-56746,CVE-2024-56747,C VE-2024-56748,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE-2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57882,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-57938,CVE-2024-57940,CVE-2024-57946,CVE-2025-21632,CVE-2025-21645,CVE-2025 -21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21666,CVE-2025-21669,CVE-2025-21670,CVE-2025-21674,CVE-2025-21675,CVE-2025-21676,CVE-2025-21678,CVE-2025-21682 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894) - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: temporarily disable upstream patch (bsc#1236138) - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:504-1 Released: Thu Feb 13 11:26:56 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1233137,1236921 This update for kdump fixes the following issues: - Version update kdump-2.0.6+git20.gf8ecc01 (bsc#1236921). - Fix filtering ro keys in kdump_bond_config (bsc#1233137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:515-1 Released: Thu Feb 13 12:58:42 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228086,1231792,1235912 This update for dracut fixes the following issue: - Version update 059+suse.552.g232957b4 - fixes related to getting live image size (bsc#1235912). - fixes for booting from iSCSI offload with bnx2i (bsc#1228086). - rework timeout for devices added via --mount and --add-device (bsc#1231792). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:585-1 Released: Tue Feb 18 17:42:14 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:586-1 Released: Wed Feb 19 08:28:47 2025 Summary: Security update for grub2 Type: security Severity: important References: 1229163,1229164,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:680-1 Released: Mon Feb 24 12:01:16 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:749-1 Released: Fri Feb 28 17:23:17 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1215212,1233880,1236803 This update for samba fixes the following issues: - Fix crossing automounter mount points (bsc#1215212, bsc#1236803). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:776-1 Released: Tue Mar 4 15:55:35 2025 Summary: Security update for docker Type: security Severity: moderate References: 1234089,1237335,CVE-2024-29018 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:828-1 Released: Tue Mar 11 05:49:36 2025 Summary: Recommended update for kdump Type: recommended Severity: important References: 1235933,1237497,1237529 This update for kdump fixes the following issues: - Fix bonding options (bsc#1235933) - Don't use wicked to read bond and bridge config (bsc#1235933) - Prevent KDUMP_NET_TIMEOUT busy loop when DNS fails - Limit dump file permissions (bsc#1237497, bsc#1237529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:856-1 Released: Thu Mar 13 16:46:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1215199,1219367,1222672,1222803,1225606,1225742,1225981,1227937,1228521,1230235,1230438,1230439,1230497,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232508,1232520,1232919,1233028,1233109,1233483,1233749,1234070,1234853,1234857,1234891,1234894,1234895,1234896,1234963,1235032,1235054,1235061,1235073,1235435,1235485,1235592,1235599,1235609,1235932,1235933,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236573,1236575,1236576,1236591,1236661,1236677,1236681,1236682,1236684,1236689,1236700,1236702,1236752,1236759,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237232,1237234,1237325,1237356,1237415,1237452,1237504,1237521,1237558,1237562,1237563,1237848,1237849,1237879,1237889,1237891,1237901,1237950,1238214,1238303,1238347,1238368,1238509,1238525,1238570,1238739,1238751,1238753,1238759,1238860,1238863,1238877,C VE-2023-52924,CVE-2023-52925,CVE-2024-26708,CVE-2024-26810,CVE-2024-40980,CVE-2024-41055,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-47701,CVE-2024-49884,CVE-2024-49950,CVE-2024-50029,CVE-2024-50036,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50142,CVE-2024-50185,CVE-2024-50294,CVE-2024-53123,CVE-2024-53147,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56568,CVE-2024-56579,CVE-2024-56605,CVE-2024-56633,CVE-2024-56647,CVE-2024-56720,CVE-2024-57889,CVE-2024-57948,CVE-2024-57994,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21665,CVE-2025-21667,CVE-2025-21668,CVE-2025-21673,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21705,CVE-2025-21715,CVE-2025-21716,CVE-2025-21719,CVE-2025-21724,CVE-2025-21725,CVE-2025 -21728,CVE-2025-21767,CVE-2025-21790,CVE-2025-21795,CVE-2025-21799,CVE-2025-21802 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - packaging: Turn gcc version into config.sh variable. - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:933-1 Released: Wed Mar 19 11:07:35 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237844,1237865 This update for grub2 fixes the following issues: - Fix 'zfs.mo not found' message when booting on legacy BIOS (bsc#1237865) - Upstream XFS fixes - Fix 'attempt to read of write outside of partition' error message (bsc#1237844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:967-1 Released: Thu Mar 20 09:31:40 2025 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1226533,1239165 This update for nfs-utils fixes the following issues: - Sources fix: nfsopen() failures should not be fatal (bsc#1239165). - Enable ldap support for nfsidmap (bsc#1226533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - docker-27.5.1_ce-150000.215.3 updated - dracut-059+suse.552.g232957b4-150600.3.17.2 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-locale-2.38-150600.14.23.1 updated - glibc-2.38-150600.14.23.1 updated - grub2-i386-pc-2.12-150600.8.21.2 updated - grub2-x86_64-efi-2.12-150600.8.21.2 updated - grub2-2.12-150600.8.21.2 updated - kdump-2.0.6+git25.g1dbf786-150600.3.14.1 updated - kernel-default-6.4.0-150600.23.42.2 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libgnutls30-3.8.3-150600.4.6.2 updated - libnfsidmap1-1.0-150600.28.9.2 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libprocps8-3.3.17-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libudev1-254.23-150600.4.25.1 updated - libxml2-2-2.10.3-150500.5.23.1 updated - libzypp-17.36.3-150600.3.50.1 updated - nfs-client-2.6.4-150600.28.9.2 updated - openssh-clients-9.6p1-150600.6.15.2 updated - openssh-common-9.6p1-150600.6.15.2 updated - openssh-server-9.6p1-150600.6.15.2 updated - openssh-9.6p1-150600.6.15.2 updated - permissions-20240826-150600.10.18.2 updated - pkg-config-0.29.2-150600.15.3.1 updated - procps-3.3.17-150000.7.42.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - samba-client-libs-4.19.8+git.404.38b26805d4-150600.3.12.2 updated - systemd-254.23-150600.4.25.1 updated - timezone-2025a-150600.91.3.1 updated - udev-254.23-150600.4.25.1 updated - vim-data-common-9.1.1101-150500.20.21.1 updated - vim-9.1.1101-150500.20.21.1 updated - zypper-1.14.85-150600.10.28.1 updated - libxslt1-1.1.34-150400.3.3.1 removed - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed - python3-cssselect-1.0.3-150400.3.7.4 removed - python3-lxml-4.9.1-150500.3.4.3 removed From sle-container-updates at lists.suse.com Sat Mar 22 08:02:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:02:27 +0100 (CET) Subject: SUSE-IU-2025:784-1: Security update of suse-sles-15-sp6-chost-byos-v20250320-hvm-ssd-x86_64 Message-ID: <20250322080227.72D9DFCE3@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250320-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:784-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250320-hvm-ssd-x86_64:20250320 Image Release : Severity : important Type : security References : 1012628 1012628 1189788 1194869 1214290 1215199 1215199 1215212 1216091 1216813 1218470 1219367 1220711 1220893 1220895 1220896 1221326 1222672 1222803 1222803 1224049 1225606 1225742 1225897 1225936 1225939 1225941 1225942 1225981 1226533 1226980 1227637 1227937 1228086 1228434 1228521 1228592 1229163 1229164 1229228 1229685 1229822 1229833 1230078 1230235 1230438 1230439 1230497 1231016 1231088 1231432 1231472 1231792 1231912 1231920 1231949 1232087 1232101 1232158 1232159 1232161 1232198 1232201 1232299 1232421 1232508 1232520 1232882 1232919 1233028 1233055 1233109 1233112 1233137 1233221 1233248 1233259 1233260 1233483 1233488 1233522 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233638 1233642 1233749 1233752 1233778 1233880 1234070 1234089 1234195 1234313 1234619 1234635 1234683 1234693 1234726 1234765 1234825 1234853 1234857 1234863 1234887 1234888 1234891 1234893 1234894 1234895 1234896 1234898 1234901 1234906 1234923 1234931 1234934 1234947 1234957 1234958 1234963 1235000 1235001 1235011 1235031 1235032 1235032 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235046 1235050 1235051 1235053 1235054 1235054 1235057 1235059 1235061 1235065 1235070 1235073 1235073 1235100 1235112 1235115 1235117 1235122 1235123 1235125 1235132 1235133 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235244 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235435 1235437 1235439 1235441 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235485 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235592 1235599 1235609 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235695 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235874 1235894 1235902 1235903 1235906 1235912 1235914 1235918 1235919 1235920 1235924 1235932 1235933 1235933 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236113 1236114 1236115 1236120 1236122 1236123 1236125 1236127 1236131 1236133 1236136 1236138 1236138 1236143 1236144 1236145 1236151 1236160 1236161 1236163 1236165 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236199 1236200 1236203 1236205 1236227 1236245 1236247 1236248 1236260 1236262 1236282 1236316 1236317 1236384 1236481 1236573 1236575 1236576 1236591 1236628 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236688 1236689 1236694 1236696 1236698 1236700 1236702 1236703 1236705 1236732 1236733 1236752 1236757 1236758 1236759 1236760 1236761 1236771 1236803 1236820 1236821 1236822 1236842 1236858 1236878 1236896 1236897 1236921 1236939 1236952 1236960 1236967 1236974 1236983 1236994 1237002 1237006 1237007 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237017 1237025 1237028 1237040 1237041 1237044 1237045 1237126 1237132 1237137 1237139 1237155 1237158 1237159 1237232 1237234 1237325 1237335 1237356 1237363 1237370 1237374 1237415 1237418 1237452 1237497 1237504 1237521 1237529 1237558 1237562 1237563 1237844 1237848 1237849 1237865 1237879 1237889 1237891 1237901 1237950 1238214 1238303 1238347 1238368 1238509 1238525 1238570 1238739 1238751 1238753 1238759 1238860 1238863 1238877 1239165 CVE-2023-4016 CVE-2023-52489 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2024-12133 CVE-2024-12243 CVE-2024-13176 CVE-2024-26708 CVE-2024-26810 CVE-2024-26810 CVE-2024-29018 CVE-2024-36476 CVE-2024-39282 CVE-2024-40980 CVE-2024-41055 CVE-2024-43790 CVE-2024-43802 CVE-2024-43913 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-45306 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-45828 CVE-2024-46858 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47701 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49504 CVE-2024-49569 CVE-2024-49884 CVE-2024-49948 CVE-2024-49950 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50029 CVE-2024-50036 CVE-2024-50051 CVE-2024-50073 CVE-2024-50085 CVE-2024-50106 CVE-2024-50115 CVE-2024-50142 CVE-2024-50151 CVE-2024-50185 CVE-2024-50199 CVE-2024-50251 CVE-2024-50258 CVE-2024-50294 CVE-2024-50299 CVE-2024-50304 CVE-2024-52332 CVE-2024-53091 CVE-2024-53095 CVE-2024-53123 CVE-2024-53147 CVE-2024-53164 CVE-2024-53168 CVE-2024-53170 CVE-2024-53172 CVE-2024-53173 CVE-2024-53175 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53185 CVE-2024-53187 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53203 CVE-2024-53226 CVE-2024-53227 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53236 CVE-2024-53239 CVE-2024-53239 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56171 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56568 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56577 CVE-2024-56578 CVE-2024-56579 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56592 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56633 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56647 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56658 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56720 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56737 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57882 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57889 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-57948 CVE-2024-57994 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-21632 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21645 CVE-2025-21646 CVE-2025-21647 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21673 CVE-2025-21674 CVE-2025-21675 CVE-2025-21676 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21682 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21705 CVE-2025-21715 CVE-2025-21716 CVE-2025-21719 CVE-2025-21724 CVE-2025-21725 CVE-2025-21728 CVE-2025-21767 CVE-2025-21790 CVE-2025-21795 CVE-2025-21799 CVE-2025-21802 CVE-2025-22134 CVE-2025-24014 CVE-2025-24928 CVE-2025-26465 CVE-2025-26466 CVE-2025-27113 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250320-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:499-1 Released: Thu Feb 13 09:14:42 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1215199,1216813,1218470,1220711,1221326,1222803,1224049,1225897,1226980,1228592,1229833,1231016,1231088,1232087,1232101,1232158,1232161,1232421,1232882,1233055,1233112,1233221,1233248,1233259,1233260,1233488,1233522,1233638,1233642,1233778,1234195,1234619,1234635,1234683,1234693,1234726,1234825,1234863,1234887,1234888,1234893,1234898,1234901,1234906,1234923,1234931,1234934,1234947,1234957,1235000,1235001,1235011,1235031,1235032,1235035,1235037,1235038,1235039,1235040,1235042,1235043,1235046,1235050,1235051,1235053,1235054,1235057,1235059,1235065,1235070,1235073,1235100,1235112,1235115,1235117,1235122,1235123,1235125,1235132,1235133,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235244,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235441,1235444,1235445,1235449,1 235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,1235584,1235587,1235611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235874,1235894,1235902,1235903,1235906,1235914,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,123608 0,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236680,1236683,1236685,1236688,1236694,1236696,1236698,1236703,1236732,1236733,1236757,1236758,1236760,1236761,CVE-2023-52489,CVE-2023-52923,CVE-2024-26810,CVE-2024-36476,CVE-2024-39282,CVE-2024-43913,CVE-2024-45828,CVE-2024-46858,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47809,CVE-2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50051,CVE-2024-50106,CVE-2024-50151,CVE-2024-50199,CVE-2024-50251,CVE-2024-50258,CVE-2024-50299,CVE-2024-50304,CVE-2024-52332,CVE-2024-53091,CVE-2024-53095,CVE-2024-53164,CVE-2024-53168,CVE-2024-53170,CVE-2024-53172,CVE-2024-53175,CVE-2024-53185,CVE-2024-53187,CVE-2024-53194,CVE-2024-53195,CV E-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53203,CVE-2024-53227,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53236,CVE-2024-53239,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56538,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56557,CVE-2024-56558,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56577,CVE-2024-56578,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56592,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56620,CVE-2024- 56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56658,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE-2024-56746,CVE-2024-56747,C VE-2024-56748,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE-2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57882,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-57938,CVE-2024-57940,CVE-2024-57946,CVE-2025-21632,CVE-2025-21645,CVE-2025 -21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21666,CVE-2025-21669,CVE-2025-21670,CVE-2025-21674,CVE-2025-21675,CVE-2025-21676,CVE-2025-21678,CVE-2025-21682 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894) - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: temporarily disable upstream patch (bsc#1236138) - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:504-1 Released: Thu Feb 13 11:26:56 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1233137,1236921 This update for kdump fixes the following issues: - Version update kdump-2.0.6+git20.gf8ecc01 (bsc#1236921). - Fix filtering ro keys in kdump_bond_config (bsc#1233137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:515-1 Released: Thu Feb 13 12:58:42 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228086,1231792,1235912 This update for dracut fixes the following issue: - Version update 059+suse.552.g232957b4 - fixes related to getting live image size (bsc#1235912). - fixes for booting from iSCSI offload with bnx2i (bsc#1228086). - rework timeout for devices added via --mount and --add-device (bsc#1231792). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:585-1 Released: Tue Feb 18 17:42:14 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:586-1 Released: Wed Feb 19 08:28:47 2025 Summary: Security update for grub2 Type: security Severity: important References: 1229163,1229164,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:680-1 Released: Mon Feb 24 12:01:16 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:749-1 Released: Fri Feb 28 17:23:17 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1215212,1233880,1236803 This update for samba fixes the following issues: - Fix crossing automounter mount points (bsc#1215212, bsc#1236803). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:776-1 Released: Tue Mar 4 15:55:35 2025 Summary: Security update for docker Type: security Severity: moderate References: 1234089,1237335,CVE-2024-29018 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:828-1 Released: Tue Mar 11 05:49:36 2025 Summary: Recommended update for kdump Type: recommended Severity: important References: 1235933,1237497,1237529 This update for kdump fixes the following issues: - Fix bonding options (bsc#1235933) - Don't use wicked to read bond and bridge config (bsc#1235933) - Prevent KDUMP_NET_TIMEOUT busy loop when DNS fails - Limit dump file permissions (bsc#1237497, bsc#1237529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:856-1 Released: Thu Mar 13 16:46:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1215199,1219367,1222672,1222803,1225606,1225742,1225981,1227937,1228521,1230235,1230438,1230439,1230497,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232508,1232520,1232919,1233028,1233109,1233483,1233749,1234070,1234853,1234857,1234891,1234894,1234895,1234896,1234963,1235032,1235054,1235061,1235073,1235435,1235485,1235592,1235599,1235609,1235932,1235933,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236573,1236575,1236576,1236591,1236661,1236677,1236681,1236682,1236684,1236689,1236700,1236702,1236752,1236759,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237232,1237234,1237325,1237356,1237415,1237452,1237504,1237521,1237558,1237562,1237563,1237848,1237849,1237879,1237889,1237891,1237901,1237950,1238214,1238303,1238347,1238368,1238509,1238525,1238570,1238739,1238751,1238753,1238759,1238860,1238863,1238877,C VE-2023-52924,CVE-2023-52925,CVE-2024-26708,CVE-2024-26810,CVE-2024-40980,CVE-2024-41055,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-47701,CVE-2024-49884,CVE-2024-49950,CVE-2024-50029,CVE-2024-50036,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50142,CVE-2024-50185,CVE-2024-50294,CVE-2024-53123,CVE-2024-53147,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56568,CVE-2024-56579,CVE-2024-56605,CVE-2024-56633,CVE-2024-56647,CVE-2024-56720,CVE-2024-57889,CVE-2024-57948,CVE-2024-57994,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21665,CVE-2025-21667,CVE-2025-21668,CVE-2025-21673,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21705,CVE-2025-21715,CVE-2025-21716,CVE-2025-21719,CVE-2025-21724,CVE-2025-21725,CVE-2025 -21728,CVE-2025-21767,CVE-2025-21790,CVE-2025-21795,CVE-2025-21799,CVE-2025-21802 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - packaging: Turn gcc version into config.sh variable. - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:933-1 Released: Wed Mar 19 11:07:35 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237844,1237865 This update for grub2 fixes the following issues: - Fix 'zfs.mo not found' message when booting on legacy BIOS (bsc#1237865) - Upstream XFS fixes - Fix 'attempt to read of write outside of partition' error message (bsc#1237844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:967-1 Released: Thu Mar 20 09:31:40 2025 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1226533,1239165 This update for nfs-utils fixes the following issues: - Sources fix: nfsopen() failures should not be fatal (bsc#1239165). - Enable ldap support for nfsidmap (bsc#1226533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - docker-27.5.1_ce-150000.215.3 updated - dracut-059+suse.552.g232957b4-150600.3.17.2 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-locale-2.38-150600.14.23.1 updated - glibc-2.38-150600.14.23.1 updated - grub2-i386-pc-2.12-150600.8.21.2 updated - grub2-x86_64-efi-2.12-150600.8.21.2 updated - grub2-x86_64-xen-2.12-150600.8.21.2 updated - grub2-2.12-150600.8.21.2 updated - kdump-2.0.6+git25.g1dbf786-150600.3.14.1 updated - kernel-default-6.4.0-150600.23.42.2 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libgnutls30-3.8.3-150600.4.6.2 updated - libnfsidmap1-1.0-150600.28.9.2 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libprocps8-3.3.17-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libudev1-254.23-150600.4.25.1 updated - libxml2-2-2.10.3-150500.5.23.1 updated - libzypp-17.36.3-150600.3.50.1 updated - nfs-client-2.6.4-150600.28.9.2 updated - openssh-clients-9.6p1-150600.6.15.2 updated - openssh-common-9.6p1-150600.6.15.2 updated - openssh-server-9.6p1-150600.6.15.2 updated - openssh-9.6p1-150600.6.15.2 updated - permissions-20240826-150600.10.18.2 updated - pkg-config-0.29.2-150600.15.3.1 updated - procps-3.3.17-150000.7.42.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - samba-client-libs-4.19.8+git.404.38b26805d4-150600.3.12.2 updated - systemd-254.23-150600.4.25.1 updated - timezone-2025a-150600.91.3.1 updated - udev-254.23-150600.4.25.1 updated - vim-data-common-9.1.1101-150500.20.21.1 updated - vim-9.1.1101-150500.20.21.1 updated - zypper-1.14.85-150600.10.28.1 updated - libxslt1-1.1.34-150400.3.3.1 removed - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed - python3-cssselect-1.0.3-150400.3.7.4 removed - python3-lxml-4.9.1-150500.3.4.3 removed From sle-container-updates at lists.suse.com Sat Mar 22 08:02:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:02:38 +0100 (CET) Subject: SUSE-IU-2025:785-1: Security update of sles-15-sp6-chost-byos-v20250320-arm64 Message-ID: <20250322080238.5F090FCE3@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250320-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:785-1 Image Tags : sles-15-sp6-chost-byos-v20250320-arm64:20250320 Image Release : Severity : important Type : security References : 1012628 1012628 1189788 1194869 1214290 1215199 1215199 1215212 1216091 1216813 1218470 1219367 1220711 1220893 1220895 1220896 1221326 1222672 1222803 1222803 1224049 1225606 1225742 1225897 1225936 1225939 1225941 1225942 1225981 1226533 1226980 1227637 1227937 1228086 1228434 1228521 1228592 1229163 1229164 1229228 1229685 1229822 1229833 1230078 1230235 1230438 1230439 1230497 1231016 1231088 1231432 1231472 1231775 1231776 1231792 1231912 1231920 1231949 1232087 1232101 1232158 1232159 1232161 1232198 1232201 1232299 1232421 1232508 1232520 1232882 1232919 1233028 1233055 1233109 1233112 1233137 1233221 1233248 1233259 1233260 1233483 1233488 1233522 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233638 1233642 1233749 1233752 1233778 1233880 1234070 1234089 1234195 1234313 1234619 1234635 1234683 1234693 1234726 1234765 1234825 1234853 1234857 1234863 1234887 1234888 1234891 1234893 1234894 1234895 1234896 1234898 1234901 1234906 1234923 1234931 1234934 1234947 1234957 1234958 1234963 1235000 1235001 1235011 1235031 1235032 1235032 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235046 1235050 1235051 1235053 1235054 1235054 1235057 1235059 1235061 1235065 1235070 1235073 1235073 1235100 1235112 1235115 1235117 1235122 1235123 1235125 1235132 1235133 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235244 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235435 1235437 1235439 1235441 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235485 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235592 1235599 1235609 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235664 1235686 1235695 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235874 1235894 1235902 1235903 1235906 1235912 1235914 1235918 1235919 1235920 1235924 1235932 1235933 1235933 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236113 1236114 1236115 1236120 1236122 1236123 1236125 1236127 1236131 1236133 1236136 1236138 1236138 1236143 1236144 1236145 1236151 1236160 1236161 1236163 1236165 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236199 1236200 1236203 1236205 1236227 1236245 1236247 1236248 1236260 1236262 1236282 1236316 1236317 1236384 1236403 1236481 1236560 1236573 1236575 1236576 1236591 1236628 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236688 1236689 1236694 1236696 1236698 1236700 1236702 1236703 1236705 1236732 1236733 1236752 1236757 1236758 1236759 1236760 1236761 1236771 1236803 1236820 1236821 1236822 1236842 1236858 1236878 1236896 1236897 1236921 1236939 1236952 1236960 1236967 1236974 1236983 1236994 1237002 1237006 1237007 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237017 1237025 1237028 1237040 1237041 1237044 1237045 1237126 1237132 1237137 1237139 1237155 1237158 1237159 1237232 1237234 1237325 1237335 1237356 1237363 1237370 1237374 1237415 1237418 1237452 1237497 1237504 1237521 1237529 1237558 1237562 1237563 1237844 1237848 1237849 1237865 1237879 1237889 1237891 1237901 1237950 1238214 1238303 1238347 1238368 1238509 1238525 1238570 1238739 1238751 1238753 1238759 1238860 1238863 1238877 1239165 CVE-2023-4016 CVE-2023-52489 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2024-12133 CVE-2024-12243 CVE-2024-13176 CVE-2024-26708 CVE-2024-26810 CVE-2024-26810 CVE-2024-29018 CVE-2024-36476 CVE-2024-39282 CVE-2024-40980 CVE-2024-41055 CVE-2024-43790 CVE-2024-43802 CVE-2024-43913 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-45306 CVE-2024-45339 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-45828 CVE-2024-46858 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47701 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49504 CVE-2024-49569 CVE-2024-49884 CVE-2024-49948 CVE-2024-49950 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50029 CVE-2024-50036 CVE-2024-50051 CVE-2024-50073 CVE-2024-50085 CVE-2024-50106 CVE-2024-50115 CVE-2024-50142 CVE-2024-50151 CVE-2024-50185 CVE-2024-50199 CVE-2024-50251 CVE-2024-50258 CVE-2024-50294 CVE-2024-50299 CVE-2024-50304 CVE-2024-52332 CVE-2024-53091 CVE-2024-53095 CVE-2024-53123 CVE-2024-53147 CVE-2024-53164 CVE-2024-53168 CVE-2024-53170 CVE-2024-53172 CVE-2024-53173 CVE-2024-53175 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53185 CVE-2024-53187 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53203 CVE-2024-53226 CVE-2024-53227 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53236 CVE-2024-53239 CVE-2024-53239 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56171 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56568 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56577 CVE-2024-56578 CVE-2024-56579 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56592 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56633 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56647 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56658 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56720 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56737 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57882 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57889 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-57948 CVE-2024-57994 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-21632 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21645 CVE-2025-21646 CVE-2025-21647 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21673 CVE-2025-21674 CVE-2025-21675 CVE-2025-21676 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21682 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21705 CVE-2025-21715 CVE-2025-21716 CVE-2025-21719 CVE-2025-21724 CVE-2025-21725 CVE-2025-21728 CVE-2025-21767 CVE-2025-21790 CVE-2025-21795 CVE-2025-21799 CVE-2025-21802 CVE-2025-22134 CVE-2025-24014 CVE-2025-24928 CVE-2025-26465 CVE-2025-26466 CVE-2025-27113 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20250320-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:499-1 Released: Thu Feb 13 09:14:42 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1215199,1216813,1218470,1220711,1221326,1222803,1224049,1225897,1226980,1228592,1229833,1231016,1231088,1232087,1232101,1232158,1232161,1232421,1232882,1233055,1233112,1233221,1233248,1233259,1233260,1233488,1233522,1233638,1233642,1233778,1234195,1234619,1234635,1234683,1234693,1234726,1234825,1234863,1234887,1234888,1234893,1234898,1234901,1234906,1234923,1234931,1234934,1234947,1234957,1235000,1235001,1235011,1235031,1235032,1235035,1235037,1235038,1235039,1235040,1235042,1235043,1235046,1235050,1235051,1235053,1235054,1235057,1235059,1235065,1235070,1235073,1235100,1235112,1235115,1235117,1235122,1235123,1235125,1235132,1235133,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235244,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235441,1235444,1235445,1235449,1 235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,1235584,1235587,1235611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235874,1235894,1235902,1235903,1235906,1235914,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,123608 0,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236680,1236683,1236685,1236688,1236694,1236696,1236698,1236703,1236732,1236733,1236757,1236758,1236760,1236761,CVE-2023-52489,CVE-2023-52923,CVE-2024-26810,CVE-2024-36476,CVE-2024-39282,CVE-2024-43913,CVE-2024-45828,CVE-2024-46858,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47809,CVE-2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50051,CVE-2024-50106,CVE-2024-50151,CVE-2024-50199,CVE-2024-50251,CVE-2024-50258,CVE-2024-50299,CVE-2024-50304,CVE-2024-52332,CVE-2024-53091,CVE-2024-53095,CVE-2024-53164,CVE-2024-53168,CVE-2024-53170,CVE-2024-53172,CVE-2024-53175,CVE-2024-53185,CVE-2024-53187,CVE-2024-53194,CVE-2024-53195,CV E-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53203,CVE-2024-53227,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53236,CVE-2024-53239,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56538,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56557,CVE-2024-56558,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56577,CVE-2024-56578,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56592,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56620,CVE-2024- 56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56658,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE-2024-56746,CVE-2024-56747,C VE-2024-56748,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE-2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57882,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-57938,CVE-2024-57940,CVE-2024-57946,CVE-2025-21632,CVE-2025-21645,CVE-2025 -21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21666,CVE-2025-21669,CVE-2025-21670,CVE-2025-21674,CVE-2025-21675,CVE-2025-21676,CVE-2025-21678,CVE-2025-21682 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894) - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: temporarily disable upstream patch (bsc#1236138) - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:504-1 Released: Thu Feb 13 11:26:56 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1233137,1236921 This update for kdump fixes the following issues: - Version update kdump-2.0.6+git20.gf8ecc01 (bsc#1236921). - Fix filtering ro keys in kdump_bond_config (bsc#1233137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:515-1 Released: Thu Feb 13 12:58:42 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228086,1231792,1235912 This update for dracut fixes the following issue: - Version update 059+suse.552.g232957b4 - fixes related to getting live image size (bsc#1235912). - fixes for booting from iSCSI offload with bnx2i (bsc#1228086). - rework timeout for devices added via --mount and --add-device (bsc#1231792). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:585-1 Released: Tue Feb 18 17:42:14 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:586-1 Released: Wed Feb 19 08:28:47 2025 Summary: Security update for grub2 Type: security Severity: important References: 1229163,1229164,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:611-1 Released: Fri Feb 21 11:36:56 2025 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1236560,CVE-2024-45339 This update for google-osconfig-agent fixes the following issues: - CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:680-1 Released: Mon Feb 24 12:01:16 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:749-1 Released: Fri Feb 28 17:23:17 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1215212,1233880,1236803 This update for samba fixes the following issues: - Fix crossing automounter mount points (bsc#1215212, bsc#1236803). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:759-1 Released: Mon Mar 3 04:44:21 2025 Summary: Recommended update for google-guest-agent Type: recommended Severity: moderate References: 1231775,1231776,1235664,1236403 This update for google-guest-agent fixes the following issues: google-guest-agent was updated from version 20241011.01 to 20250116.00: - Version 20250116.00 (bsc#1236403): * Implemented support for vlan dynamic removal * Update logging library - Version 20241209.01 (bsc#1235664): * Avoid changing permissions of directory if parent is `/` * Fixed fallback from systemd-networkd to dhclient * network: fixed nmcli check pattern * network: force NetworkManager to connect to primary nic * Updated metadata script runner to honor cloud logging config flag * Updated README.md with note regarding the introduction of Agent Plugin Manager - Version 20241018.01 (bsc#1231775, bsc#1231776): * Implemented support for Agent Plugin Manager to manage plugins via a systemd service file. * documentation: Updated metadata script runner details ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:776-1 Released: Tue Mar 4 15:55:35 2025 Summary: Security update for docker Type: security Severity: moderate References: 1234089,1237335,CVE-2024-29018 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:828-1 Released: Tue Mar 11 05:49:36 2025 Summary: Recommended update for kdump Type: recommended Severity: important References: 1235933,1237497,1237529 This update for kdump fixes the following issues: - Fix bonding options (bsc#1235933) - Don't use wicked to read bond and bridge config (bsc#1235933) - Prevent KDUMP_NET_TIMEOUT busy loop when DNS fails - Limit dump file permissions (bsc#1237497, bsc#1237529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:856-1 Released: Thu Mar 13 16:46:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1215199,1219367,1222672,1222803,1225606,1225742,1225981,1227937,1228521,1230235,1230438,1230439,1230497,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232508,1232520,1232919,1233028,1233109,1233483,1233749,1234070,1234853,1234857,1234891,1234894,1234895,1234896,1234963,1235032,1235054,1235061,1235073,1235435,1235485,1235592,1235599,1235609,1235932,1235933,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236573,1236575,1236576,1236591,1236661,1236677,1236681,1236682,1236684,1236689,1236700,1236702,1236752,1236759,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237232,1237234,1237325,1237356,1237415,1237452,1237504,1237521,1237558,1237562,1237563,1237848,1237849,1237879,1237889,1237891,1237901,1237950,1238214,1238303,1238347,1238368,1238509,1238525,1238570,1238739,1238751,1238753,1238759,1238860,1238863,1238877,C VE-2023-52924,CVE-2023-52925,CVE-2024-26708,CVE-2024-26810,CVE-2024-40980,CVE-2024-41055,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-47701,CVE-2024-49884,CVE-2024-49950,CVE-2024-50029,CVE-2024-50036,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50142,CVE-2024-50185,CVE-2024-50294,CVE-2024-53123,CVE-2024-53147,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56568,CVE-2024-56579,CVE-2024-56605,CVE-2024-56633,CVE-2024-56647,CVE-2024-56720,CVE-2024-57889,CVE-2024-57948,CVE-2024-57994,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21665,CVE-2025-21667,CVE-2025-21668,CVE-2025-21673,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21705,CVE-2025-21715,CVE-2025-21716,CVE-2025-21719,CVE-2025-21724,CVE-2025-21725,CVE-2025 -21728,CVE-2025-21767,CVE-2025-21790,CVE-2025-21795,CVE-2025-21799,CVE-2025-21802 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - packaging: Turn gcc version into config.sh variable. - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:933-1 Released: Wed Mar 19 11:07:35 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237844,1237865 This update for grub2 fixes the following issues: - Fix 'zfs.mo not found' message when booting on legacy BIOS (bsc#1237865) - Upstream XFS fixes - Fix 'attempt to read of write outside of partition' error message (bsc#1237844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:967-1 Released: Thu Mar 20 09:31:40 2025 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1226533,1239165 This update for nfs-utils fixes the following issues: - Sources fix: nfsopen() failures should not be fatal (bsc#1239165). - Enable ldap support for nfsidmap (bsc#1226533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - docker-27.5.1_ce-150000.215.3 updated - dracut-059+suse.552.g232957b4-150600.3.17.2 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-locale-2.38-150600.14.23.1 updated - glibc-2.38-150600.14.23.1 updated - google-guest-agent-20250116.00-150000.1.54.1 updated - google-guest-oslogin-20240311.00-150000.1.48.1 updated - google-osconfig-agent-20250115.01-150000.1.44.1 updated - grub2-i386-pc-2.12-150600.8.21.2 updated - grub2-x86_64-efi-2.12-150600.8.21.2 updated - grub2-2.12-150600.8.21.2 updated - kdump-2.0.6+git25.g1dbf786-150600.3.14.1 updated - kernel-default-6.4.0-150600.23.42.2 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libgnutls30-3.8.3-150600.4.6.2 updated - libnfsidmap1-1.0-150600.28.9.2 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libprocps8-3.3.17-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libudev1-254.23-150600.4.25.1 updated - libxml2-2-2.10.3-150500.5.23.1 updated - libzypp-17.36.3-150600.3.50.1 updated - nfs-client-2.6.4-150600.28.9.2 updated - openssh-clients-9.6p1-150600.6.15.2 updated - openssh-common-9.6p1-150600.6.15.2 updated - openssh-server-9.6p1-150600.6.15.2 updated - openssh-9.6p1-150600.6.15.2 updated - permissions-20240826-150600.10.18.2 updated - pkg-config-0.29.2-150600.15.3.1 updated - procps-3.3.17-150000.7.42.1 updated - python3-base-3.6.15-150300.10.81.1 updated - samba-client-libs-4.19.8+git.404.38b26805d4-150600.3.12.2 updated - systemd-254.23-150600.4.25.1 updated - timezone-2025a-150600.91.3.1 updated - udev-254.23-150600.4.25.1 updated - vim-data-common-9.1.1101-150500.20.21.1 updated - vim-9.1.1101-150500.20.21.1 updated - zypper-1.14.85-150600.10.28.1 updated - libxslt1-1.1.34-150400.3.3.1 removed - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed - python3-3.6.15-150300.10.78.1 removed - python3-apipkg-2.1.0-150500.1.1 removed - python3-asn1crypto-0.24.0-3.2.1 removed - python3-certifi-2018.1.18-150000.3.3.1 removed - python3-cffi-1.13.2-3.2.5 removed - python3-chardet-3.0.4-150000.5.3.1 removed - python3-cryptography-3.3.2-150400.23.1 removed - python3-cssselect-1.0.3-150400.3.7.4 removed - python3-idna-2.6-150000.3.3.1 removed - python3-iniconfig-1.1.1-150000.1.11.1 removed - python3-lxml-4.9.1-150500.3.4.3 removed - python3-py-1.10.0-150100.5.12.1 removed - python3-pyOpenSSL-21.0.0-150400.7.62 removed - python3-pyasn1-0.4.2-150000.3.5.1 removed - python3-pycparser-2.17-3.2.1 removed - python3-requests-2.25.1-150300.3.12.2 removed - python3-urllib3-1.25.10-150300.4.12.1 removed From sle-container-updates at lists.suse.com Sat Mar 22 08:06:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Mar 2025 09:06:33 +0100 (CET) Subject: SUSE-CU-2025:1948-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250322080633.A9B52FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1948-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.3 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.3 Severity : critical Type : security References : 1044232 1105435 1114407 1119496 1124223 1125410 1126377 1131060 1131686 1138731 1138731 1144060 1154247 1157960 1166334 1170347 1170347 1173474 1173475 1174673 1176006 1176759 1177864 1181994 1186791 1186827 1188006 1188307 1188500 1189495 1189788 1190858 1191175 1194845 1196494 1196495 1197293 1198504 1199079 1199232 1199235 1200441 1200441 1202868 1203823 1204397 1204690 1204706 1205502 1206134 1206212 1206346 1206346 1206346 1206622 1206627 1208270 1208271 1208272 1209030 1210507 1211886 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1213189 1213514 1214248 1214806 1216091 1216091 1216410 1216752 1217215 1218686 1219123 1219123 1219189 1219189 1219855 1220356 1221184 1222259 1225973 1225974 1227114 1227314 1227429 1227525 1227681 1228434 1228770 1229106 1229339 1231472 1231829 1232458 1234752 1235636 1236136 1236384 1236460 1236481 1236588 1236590 1236619 1236820 1236878 1236939 1236983 1237044 1237363 1237370 1237418 916845 CVE-2013-4235 CVE-2013-4235 CVE-2018-1000654 CVE-2019-3880 CVE-2021-3521 CVE-2021-46848 CVE-2022-1586 CVE-2022-1587 CVE-2022-41409 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-49043 CVE-2023-24532 CVE-2023-29383 CVE-2023-4641 CVE-2024-12133 CVE-2024-13176 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 CVE-2024-56171 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:82-1 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1044232 This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:207-1 Released: Tue Jan 29 20:20:24 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1119496 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2095-1 Released: Fri Aug 9 06:56:48 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:122-1 Released: Fri Jan 17 10:56:07 2020 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731,1154247,1157960 This update for container-suseconnect fixes the following issues: - Fix usage with RMT and SMT. (bsc#1157960) - Parse the /etc/products.d/*.prod files. - Fix function comments based on best practices from Effective Go. (bsc#1138731) - Implement interacting with SCC behind proxy and SMT. (bsc#1154247) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:690-1 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1166334 This update for suse-build-key fixes the following issues: - created a new security at suse.de communication key (bsc#1166334) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1112-1 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347 This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:12 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. (bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:71-1 Released: Thu Jan 13 15:37:28 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect is a rebuild against updated go toolchain to ensure an up to date GO runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:871-1 Released: Wed Mar 22 14:32:45 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1851-1 Released: Fri Apr 14 15:08:38 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect fixes the following issue: - rebuilt against current go version. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3834-1 Released: Wed Sep 27 19:18:33 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:139-1 Released: Thu Jan 18 11:33:54 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and the crypto/tls, maps, and runtime/pprof packages. (bsc#1212475) * x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * cmd/compile: linux/s390x: inlining bug in s390x * maps: maps.Clone reference semantics when cloning a map with large value types * runtime: excessive memory use between 1.21.0 -> 1.21.1 * cmd/compile: max/min builtin broken when used with string(byte) conversions * runtime/pprof: incorrect function names for generics functions * crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 * runtime: race condition raised with parallel tests, panic(nil) and -race ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1007-1 Released: Wed Mar 27 10:51:42 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,1214806,CVE-2023-29383,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). - CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806). The following non-security bugs were fixed: - bsc#1176006: Fix chage date miscalculation - bsc#1188307: Fix passwd segfault - bsc#1203823: Remove pam_keyinit from PAM config files - bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions - bsc#1206627: Add --prefix support to passwd, chpasswd and chage - bsc#1205502: useradd audit event user id field cannot be interpretedd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:44 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1889-1 Released: Sun Jun 2 11:23:26 2024 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1219855 This update for container-suseconnect fixes the following issues: Update to 2.5.0: * Upgrade to go 1.21 * Allow setting of SCC credentials via environment variables * Bump github.com/urfave/cli/v2 from 2.25.7 to 2.27.1 * Use switch instead of else if construction * Add system token header to query SCC subscriptions (bsc#1219855) * Use the FIPS capable go1.21-openssl to build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2659-1 Released: Tue Jul 30 15:37:52 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2809-1 Released: Wed Aug 7 09:49:44 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3360-1 Released: Sun Sep 22 23:45:55 2024 Summary: Security update for container-suseconnect Type: security Severity: important References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791 This update for container-suseconnect rebuilds it against current go1.21.13.1. Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3868-1 Released: Fri Nov 1 16:15:26 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1231829 This update for suse-build-key fixes the following issues: - Also include the GPG key from the current build project to allow Staging testing without production keys, but only in staging. (bsc#1231829) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4305-1 Released: Thu Dec 12 15:00:32 2024 Summary: Recommended update for sles-ltss-release Type: recommended Severity: moderate References: This update for sles-ltss-release fixes the following issue: - Set product lifecycle. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:224-1 Released: Wed Jan 22 12:31:25 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. - version 1.14.79 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:345-1 Released: Mon Feb 3 21:03:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:362-1 Released: Wed Feb 5 11:01:18 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libyzpp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:677-1 Released: Mon Feb 24 11:59:00 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:838-1 Released: Tue Mar 11 13:11:21 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 added - ca-certificates-2+git20240416.98ae794-150300.4.3.3 added - container-suseconnect-2.5.0-150000.4.58.1 added - curl-8.0.1-150400.5.62.1 added - filesystem-15.0-150500.1.1 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-2.31-150300.92.1 updated - krb5-1.20.1-150500.3.12.1 updated - kubic-locale-archive-2.31-10.36 added - libaugeas0-1.12.0-150400.3.5.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.40.1 updated - libopenssl1_1-1.1.1l-150500.17.40.1 updated - libp11-kit0-0.23.22-150500.8.3.1 added - libpcre2-8-0-10.39-150400.4.9.1 added - libselinux1-3.4-150500.1.12 updated - libsemanage-conf-3.4-150500.1.12 added - libsemanage2-3.4-150500.1.12 added - libsepol2-3.4-150500.1.18 added - libtasn1-6-4.13-150000.4.11.1 added - libtasn1-4.13-150000.4.11.1 added - libxml2-2-2.10.3-150500.5.23.1 updated - libzypp-17.36.3-150500.6.42.1 updated - login_defs-4.8.1-150500.3.9.1 updated - netcfg-11.6-150000.3.6.1 added - openssl-1_1-1.1.1l-150500.17.40.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 added - p11-kit-0.23.22-150500.8.3.1 added - rpm-4.14.3-150400.59.16.1 added - shadow-4.8.1-150500.3.9.1 updated - skelcd-EULA-sles-2023.03.06-150500.2.5 added - sles-ltss-release-15.5-150500.16.4.4 added - sles-release-15.5-150500.61.4.1 added - suse-build-key-12.0-150000.8.55.1 added - timezone-2025a-150000.75.31.1 updated - zypper-1.14.85-150500.6.26.1 updated - container:suse-sle15-15.5-d9566b7970d05e7a0773130e5c8c6b7ee52897e9ad031e41822c8731b0aeb2ed-0 removed From sle-container-updates at lists.suse.com Fri Mar 28 08:07:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:07:02 +0100 (CET) Subject: SUSE-IU-2025:822-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250328080702.4FAFDFB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:822-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.13 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.13 Severity : important Type : security References : 1012628 1194869 1214954 1215199 1216813 1218470 1220711 1220773 1224095 1224726 1225743 1225820 1225897 1226980 1227445 1228526 1228592 1229809 1229833 1230205 1230413 1230697 1231016 1231854 1231909 1231963 1232087 1232101 1232158 1232161 1232193 1232198 1232201 1232418 1232419 1232420 1232421 1232436 1232882 1233038 1233055 1233070 1233096 1233112 1233200 1233204 1233239 1233259 1233260 1233324 1233328 1233461 1233467 1233469 1233488 1233546 1233558 1233637 1233638 1233642 1233772 1233778 1233837 1234024 1234069 1234071 1234073 1234075 1234076 1234077 1234079 1234086 1234139 1234140 1234141 1234142 1234143 1234144 1234145 1234146 1234147 1234148 1234149 1234150 1234153 1234155 1234156 1234158 1234159 1234160 1234161 1234162 1234163 1234164 1234165 1234166 1234167 1234168 1234169 1234170 1234171 1234172 1234173 1234174 1234175 1234176 1234177 1234178 1234179 1234180 1234181 1234182 1234183 1234184 1234185 1234186 1234187 1234188 1234189 1234190 1234191 1234192 1234193 1234194 1234195 1234196 1234197 1234198 1234199 1234200 1234201 1234203 1234204 1234205 1234207 1234208 1234209 1234219 1234220 1234221 1234237 1234238 1234239 1234240 1234241 1234242 1234243 1234278 1234279 1234280 1234281 1234282 1234294 1234338 1234357 1234381 1234454 1234464 1234605 1234619 1234635 1234651 1234652 1234654 1234655 1234657 1234658 1234659 1234668 1234683 1234690 1234693 1234725 1234726 1234810 1234811 1234825 1234826 1234827 1234829 1234832 1234834 1234843 1234846 1234848 1234853 1234855 1234856 1234863 1234884 1234887 1234888 1234889 1234891 1234893 1234898 1234899 1234900 1234901 1234905 1234906 1234907 1234909 1234911 1234912 1234916 1234918 1234920 1234921 1234922 1234923 1234929 1234930 1234931 1234934 1234937 1234947 1234948 1234950 1234952 1234957 1234960 1234962 1234963 1234968 1234969 1234970 1234971 1234973 1234974 1234989 1234999 1235000 1235001 1235002 1235003 1235004 1235007 1235009 1235011 1235016 1235019 1235031 1235032 1235033 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235045 1235046 1235050 1235051 1235053 1235054 1235056 1235057 1235059 1235061 1235065 1235070 1235073 1235075 1235100 1235108 1235112 1235115 1235117 1235122 1235123 1235125 1235128 1235132 1235133 1235134 1235138 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235246 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235409 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235437 1235439 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235507 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235550 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235894 1235902 1235903 1235906 1235918 1235919 1235920 1235924 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236120 1236125 1236127 1236131 1236138 1236143 1236144 1236145 1236160 1236161 1236163 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236227 1236245 1236247 1236248 1236260 1236262 1236628 1236688 1236696 1236703 1236732 1236733 CVE-2023-52923 CVE-2024-26924 CVE-2024-27397 CVE-2024-35839 CVE-2024-36476 CVE-2024-36908 CVE-2024-39282 CVE-2024-39480 CVE-2024-41042 CVE-2024-43913 CVE-2024-44934 CVE-2024-44996 CVE-2024-45828 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47678 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49569 CVE-2024-49854 CVE-2024-49884 CVE-2024-49915 CVE-2024-49948 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50016 CVE-2024-50018 CVE-2024-50039 CVE-2024-50047 CVE-2024-50051 CVE-2024-50106 CVE-2024-50143 CVE-2024-50151 CVE-2024-50154 CVE-2024-50199 CVE-2024-50202 CVE-2024-50203 CVE-2024-50211 CVE-2024-50228 CVE-2024-50256 CVE-2024-50262 CVE-2024-50272 CVE-2024-50278 CVE-2024-50280 CVE-2024-50299 CVE-2024-52332 CVE-2024-53050 CVE-2024-53064 CVE-2024-53090 CVE-2024-53091 CVE-2024-53095 CVE-2024-53099 CVE-2024-53103 CVE-2024-53105 CVE-2024-53111 CVE-2024-53113 CVE-2024-53117 CVE-2024-53118 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53126 CVE-2024-53127 CVE-2024-53129 CVE-2024-53130 CVE-2024-53131 CVE-2024-53133 CVE-2024-53134 CVE-2024-53136 CVE-2024-53141 CVE-2024-53142 CVE-2024-53144 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53151 CVE-2024-53154 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53159 CVE-2024-53160 CVE-2024-53161 CVE-2024-53162 CVE-2024-53164 CVE-2024-53166 CVE-2024-53168 CVE-2024-53169 CVE-2024-53170 CVE-2024-53171 CVE-2024-53172 CVE-2024-53173 CVE-2024-53174 CVE-2024-53175 CVE-2024-53179 CVE-2024-53180 CVE-2024-53185 CVE-2024-53187 CVE-2024-53188 CVE-2024-53190 CVE-2024-53191 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53200 CVE-2024-53201 CVE-2024-53202 CVE-2024-53203 CVE-2024-53206 CVE-2024-53207 CVE-2024-53208 CVE-2024-53209 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53215 CVE-2024-53216 CVE-2024-53217 CVE-2024-53222 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53234 CVE-2024-53236 CVE-2024-53237 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56536 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56549 CVE-2024-56551 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56566 CVE-2024-56567 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56576 CVE-2024-56577 CVE-2024-56578 CVE-2024-56582 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56599 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56604 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56667 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56752 CVE-2024-56754 CVE-2024-56755 CVE-2024-56756 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-8805 CVE-2025-21632 CVE-2025-21645 CVE-2025-21646 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21674 CVE-2025-21676 CVE-2025-21682 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-3 Released: Thu Mar 27 16:23:42 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1214954,1215199,1216813,1218470,1220711,1220773,1224095,1224726,1225743,1225820,1225897,1226980,1227445,1228526,1228592,1229809,1229833,1230205,1230413,1230697,1231016,1231854,1231909,1231963,1232087,1232101,1232158,1232161,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1232882,1233038,1233055,1233070,1233096,1233112,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233469,1233488,1233546,1233558,1233637,1233638,1233642,1233772,1233778,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,1234192,1234193,1 234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234619,1234635,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234683,1234690,1234693,1234725,1234726,1234810,1234811,1234825,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234863,1234884,1234887,1234888,1234889,1234891,1234893,1234898,1234899,1234900,1234901,1234905,1234906,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234923,1234929,1234930,1234931,1234934,1234937,1234947,1234948,1234950,1234952,1234957,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235000,1235001,1235002,1235003,1235004,1235007,1235009,1235011,1235016,1235019,1235031,1235032,1235033,1235035,1235037,123503 8,1235039,1235040,1235042,1235043,1235045,1235046,1235050,1235051,1235053,1235054,1235056,1235057,1235059,1235061,1235065,1235070,1235073,1235075,1235100,1235108,1235112,1235115,1235117,1235122,1235123,1235125,1235128,1235132,1235133,1235134,1235138,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235246,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235409,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235444,1235445,1235449,1235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235507,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235550,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,1235584,1235587,123 5611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235894,1235902,1235903,1235906,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,1236080,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236688,1236696,1236703,1236732,1236733,CVE-2023-52923,CVE-2024-26924,CVE-2024-27397,CVE-2024-35839,CVE-2024-36476,CVE-2 024-36908,CVE-2024-39282,CVE-2024-39480,CVE-2024-41042,CVE-2024-43913,CVE-2024-44934,CVE-2024-44996,CVE-2024-45828,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47678,CVE-2024-47809,CVE-2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50051,CVE-2024-50106,CVE-2024-50143,CVE-2024-50151,CVE-2024-50154,CVE-2024-50199,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50280,CVE-2024-50299,CVE-2024-52332,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53091,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-531 34,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53164,CVE-2024-53166,CVE-2024-53168,CVE-2024-53169,CVE-2024-53170,CVE-2024-53171,CVE-2024-53172,CVE-2024-53173,CVE-2024-53174,CVE-2024-53175,CVE-2024-53179,CVE-2024-53180,CVE-2024-53185,CVE-2024-53187,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53194,CVE-2024-53195,CVE-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53203,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53234,CVE-2024-53236,CVE-2024-53237,CVE-2024-53239,CVE-2024-53240,CVE- 2024-53241,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56536,CVE-2024-56538,CVE-2024-56539,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56549,CVE-2024-56551,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56576,CVE-2024-56577,CVE-2024-56578,CVE-2024-56582,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56599,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56604,CVE-2024-56605,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56 620,CVE-2024-56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56667,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE -2024-56746,CVE-2024-56747,CVE-2024-56748,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE-2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-5 7938,CVE-2024-57940,CVE-2024-57946,CVE-2024-8805,CVE-2025-21632,CVE-2025-21645,CVE-2025-21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21674,CVE-2025-21676,CVE-2025-21682 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Delete XHCI patch for regression (bsc#1235550) - Disable ceph (jsc#PED-7242) - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - Drop downstream TPM fix patch (bsc#1233260 bsc#1233259 bsc#1232421) - Drop uvcvideo fix due to regression (bsc#1235894) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - Revert 'arm64: Kconfig: Make SME depend on BROKEN for now' - Revert 0dd78566990 ('Disable ceph (jsc#PED-7242)') - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devcoredump: cleanup some comments (git-fixes). - devlink: Fix length of eswitch inline-mode (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - intel_th: core: fix kernel-doc warnings (git-fixes). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). The following package changes have been done: - kernel-default-6.4.0-25.1 updated - container:suse-toolbox-image-1.0.0-4.12 updated From sle-container-updates at lists.suse.com Fri Mar 28 08:07:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:07:33 +0100 (CET) Subject: SUSE-IU-2025:824-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250328080733.3FA4FFB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:824-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.14 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.14 Severity : important Type : security References : 1012628 1065729 1181674 1194869 1207948 1214954 1215199 1216702 1216813 1218470 1219170 1219596 1220021 1220328 1220430 1220711 1220773 1221044 1221303 1221858 1222426 1222608 1222721 1222775 1222780 1223020 1223023 1223024 1223038 1223039 1223041 1223046 1223051 1223052 1223058 1223061 1223076 1223113 1223187 1223285 1223315 1223591 1223592 1223633 1223637 1223641 1223649 1223650 1223651 1223652 1223654 1223660 1223661 1223665 1223666 1223671 1223675 1223677 1223678 1223696 1223698 1223705 1223712 1223718 1223728 1223739 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223757 1223759 1223761 1223762 1223782 1223787 1223788 1223789 1223790 1223802 1223805 1223827 1223831 1223834 1223869 1223874 1224095 1224174 1224177 1224180 1224423 1224432 1224433 1224437 1224438 1224443 1224445 1224449 1224479 1224480 1224482 1224486 1224487 1224491 1224492 1224494 1224495 1224500 1224501 1224504 1224505 1224506 1224507 1224508 1224509 1224513 1224517 1224519 1224521 1224524 1224526 1224537 1224542 1224546 1224552 1224555 1224557 1224558 1224559 1224562 1224566 1224567 1224568 1224569 1224571 1224573 1224576 1224577 1224578 1224579 1224582 1224585 1224586 1224587 1224588 1224592 1224596 1224598 1224600 1224601 1224603 1224605 1224607 1224609 1224611 1224613 1224615 1224617 1224618 1224620 1224622 1224623 1224624 1224626 1224627 1224629 1224630 1224632 1224633 1224634 1224637 1224639 1224640 1224643 1224644 1224646 1224647 1224650 1224651 1224653 1224654 1224657 1224660 1224663 1224665 1224666 1224671 1224675 1224676 1224677 1224680 1224681 1224682 1224683 1224685 1224686 1224687 1224688 1224692 1224696 1224697 1224699 1224701 1224703 1224704 1224705 1224706 1224707 1224709 1224710 1224712 1224714 1224716 1224717 1224719 1224722 1224723 1224726 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224741 1224747 1224749 1224803 1224804 1225502 1225579 1225593 1225692 1225694 1225695 1225698 1225699 1225704 1225705 1225708 1225710 1225715 1225720 1225722 1225728 1225734 1225735 1225736 1225743 1225747 1225748 1225749 1225750 1225769 1225775 1225820 1225897 1226980 1227445 1228526 1228592 1229025 1229809 1229833 1230205 1230697 1231016 1231854 1231909 1231963 1232087 1232101 1232158 1232161 1232193 1232198 1232201 1232418 1232419 1232420 1232421 1232436 1232882 1233038 1233055 1233070 1233096 1233112 1233200 1233204 1233239 1233259 1233260 1233324 1233328 1233461 1233467 1233469 1233488 1233546 1233558 1233637 1233638 1233642 1233772 1233778 1233837 1234024 1234069 1234071 1234073 1234075 1234076 1234077 1234079 1234086 1234139 1234140 1234141 1234142 1234143 1234144 1234145 1234146 1234147 1234148 1234149 1234150 1234153 1234155 1234156 1234158 1234159 1234160 1234161 1234162 1234163 1234164 1234165 1234166 1234167 1234168 1234169 1234170 1234171 1234172 1234173 1234174 1234175 1234176 1234177 1234178 1234179 1234180 1234181 1234182 1234183 1234184 1234185 1234186 1234187 1234188 1234189 1234190 1234191 1234192 1234193 1234194 1234195 1234196 1234197 1234198 1234199 1234200 1234201 1234203 1234204 1234205 1234207 1234208 1234209 1234219 1234220 1234221 1234237 1234238 1234239 1234240 1234241 1234242 1234243 1234278 1234279 1234280 1234281 1234282 1234294 1234338 1234357 1234381 1234454 1234464 1234605 1234619 1234635 1234651 1234652 1234654 1234655 1234657 1234658 1234659 1234668 1234683 1234690 1234693 1234725 1234726 1234810 1234811 1234825 1234826 1234827 1234829 1234832 1234834 1234843 1234846 1234848 1234853 1234855 1234856 1234863 1234884 1234887 1234888 1234889 1234891 1234893 1234898 1234899 1234900 1234901 1234905 1234906 1234907 1234909 1234911 1234912 1234916 1234918 1234920 1234921 1234922 1234923 1234929 1234930 1234931 1234934 1234937 1234947 1234948 1234950 1234952 1234957 1234960 1234962 1234963 1234968 1234969 1234970 1234971 1234973 1234974 1234989 1234999 1235000 1235001 1235002 1235003 1235004 1235007 1235009 1235011 1235016 1235019 1235031 1235032 1235033 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235045 1235046 1235050 1235051 1235053 1235054 1235056 1235057 1235059 1235061 1235065 1235070 1235073 1235075 1235100 1235108 1235112 1235115 1235117 1235122 1235123 1235125 1235128 1235132 1235133 1235134 1235138 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235246 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235409 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235437 1235439 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235507 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235550 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235894 1235902 1235903 1235906 1235918 1235919 1235920 1235924 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236120 1236125 1236127 1236131 1236138 1236143 1236144 1236145 1236160 1236161 1236163 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236227 1236245 1236247 1236248 1236260 1236262 1236628 1236688 1236696 1236703 1236732 1236733 CVE-2023-47233 CVE-2023-52463 CVE-2023-52472 CVE-2023-52591 CVE-2023-52653 CVE-2023-52657 CVE-2023-52658 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52663 CVE-2023-52664 CVE-2023-52667 CVE-2023-52669 CVE-2023-52670 CVE-2023-52671 CVE-2023-52673 CVE-2023-52675 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52681 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52687 CVE-2023-52690 CVE-2023-52691 CVE-2023-52693 CVE-2023-52694 CVE-2023-52695 CVE-2023-52696 CVE-2023-52697 CVE-2023-52882 CVE-2023-52923 CVE-2024-22099 CVE-2024-26611 CVE-2024-26742 CVE-2024-26761 CVE-2024-26764 CVE-2024-26786 CVE-2024-26794 CVE-2024-26846 CVE-2024-26853 CVE-2024-26854 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26858 CVE-2024-26861 CVE-2024-26866 CVE-2024-26868 CVE-2024-26870 CVE-2024-26881 CVE-2024-26900 CVE-2024-26903 CVE-2024-26922 CVE-2024-26924 CVE-2024-26932 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26940 CVE-2024-26943 CVE-2024-26949 CVE-2024-26950 CVE-2024-26951 CVE-2024-26957 CVE-2024-26961 CVE-2024-26962 CVE-2024-26963 CVE-2024-26964 CVE-2024-26973 CVE-2024-26983 CVE-2024-26984 CVE-2024-26986 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26995 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008 CVE-2024-27027 CVE-2024-27028 CVE-2024-27029 CVE-2024-27030 CVE-2024-27031 CVE-2024-27046 CVE-2024-27057 CVE-2024-27062 CVE-2024-27067 CVE-2024-27080 CVE-2024-27388 CVE-2024-27389 CVE-2024-27397 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27405 CVE-2024-27410 CVE-2024-27411 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27432 CVE-2024-27434 CVE-2024-27435 CVE-2024-27436 CVE-2024-35784 CVE-2024-35786 CVE-2024-35788 CVE-2024-35789 CVE-2024-35790 CVE-2024-35794 CVE-2024-35795 CVE-2024-35796 CVE-2024-35799 CVE-2024-35800 CVE-2024-35801 CVE-2024-35806 CVE-2024-35808 CVE-2024-35809 CVE-2024-35810 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35819 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35824 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35834 CVE-2024-35835 CVE-2024-35836 CVE-2024-35837 CVE-2024-35838 CVE-2024-35839 CVE-2024-35841 CVE-2024-35842 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35850 CVE-2024-35851 CVE-2024-35875 CVE-2024-35878 CVE-2024-35879 CVE-2024-35883 CVE-2024-35885 CVE-2024-35887 CVE-2024-35889 CVE-2024-35891 CVE-2024-35901 CVE-2024-35904 CVE-2024-35907 CVE-2024-35909 CVE-2024-35911 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35916 CVE-2024-35922 CVE-2024-35924 CVE-2024-35927 CVE-2024-35928 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35936 CVE-2024-35937 CVE-2024-35938 CVE-2024-35940 CVE-2024-35945 CVE-2024-35946 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35953 CVE-2024-35954 CVE-2024-35955 CVE-2024-35958 CVE-2024-35959 CVE-2024-35960 CVE-2024-35961 CVE-2024-35963 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35971 CVE-2024-35972 CVE-2024-35973 CVE-2024-35974 CVE-2024-35975 CVE-2024-35977 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35986 CVE-2024-35989 CVE-2024-35990 CVE-2024-35992 CVE-2024-35995 CVE-2024-35997 CVE-2024-36002 CVE-2024-36009 CVE-2024-36011 CVE-2024-36012 CVE-2024-36014 CVE-2024-36018 CVE-2024-36019 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36476 CVE-2024-36880 CVE-2024-36885 CVE-2024-36891 CVE-2024-36893 CVE-2024-36894 CVE-2024-36895 CVE-2024-36896 CVE-2024-36897 CVE-2024-36898 CVE-2024-36906 CVE-2024-36908 CVE-2024-36921 CVE-2024-36922 CVE-2024-36928 CVE-2024-36930 CVE-2024-36931 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36955 CVE-2024-36959 CVE-2024-39282 CVE-2024-39480 CVE-2024-41042 CVE-2024-43913 CVE-2024-44934 CVE-2024-44996 CVE-2024-45828 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47678 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49569 CVE-2024-49854 CVE-2024-49884 CVE-2024-49915 CVE-2024-49948 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50016 CVE-2024-50018 CVE-2024-50039 CVE-2024-50047 CVE-2024-50051 CVE-2024-50106 CVE-2024-50143 CVE-2024-50151 CVE-2024-50154 CVE-2024-50199 CVE-2024-50202 CVE-2024-50203 CVE-2024-50211 CVE-2024-50228 CVE-2024-50256 CVE-2024-50262 CVE-2024-50272 CVE-2024-50278 CVE-2024-50280 CVE-2024-50299 CVE-2024-52332 CVE-2024-53050 CVE-2024-53064 CVE-2024-53090 CVE-2024-53091 CVE-2024-53095 CVE-2024-53099 CVE-2024-53103 CVE-2024-53105 CVE-2024-53111 CVE-2024-53113 CVE-2024-53117 CVE-2024-53118 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53126 CVE-2024-53127 CVE-2024-53129 CVE-2024-53130 CVE-2024-53131 CVE-2024-53133 CVE-2024-53134 CVE-2024-53136 CVE-2024-53141 CVE-2024-53142 CVE-2024-53144 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53151 CVE-2024-53154 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53159 CVE-2024-53160 CVE-2024-53161 CVE-2024-53162 CVE-2024-53164 CVE-2024-53166 CVE-2024-53168 CVE-2024-53169 CVE-2024-53170 CVE-2024-53171 CVE-2024-53172 CVE-2024-53173 CVE-2024-53174 CVE-2024-53175 CVE-2024-53179 CVE-2024-53180 CVE-2024-53185 CVE-2024-53187 CVE-2024-53188 CVE-2024-53190 CVE-2024-53191 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53200 CVE-2024-53201 CVE-2024-53202 CVE-2024-53203 CVE-2024-53206 CVE-2024-53207 CVE-2024-53208 CVE-2024-53209 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53215 CVE-2024-53216 CVE-2024-53217 CVE-2024-53222 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53234 CVE-2024-53236 CVE-2024-53237 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56536 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56549 CVE-2024-56551 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56566 CVE-2024-56567 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56576 CVE-2024-56577 CVE-2024-56578 CVE-2024-56582 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56599 CVE-2024-5660 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56604 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56667 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56752 CVE-2024-56754 CVE-2024-56755 CVE-2024-56756 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-8805 CVE-2025-21632 CVE-2025-21645 CVE-2025-21646 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21674 CVE-2025-21676 CVE-2025-21682 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-4 Released: Fri Mar 28 08:51:47 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1181674,1194869,1207948,1214954,1215199,1216702,1216813,1218470,1219170,1219596,1220021,1220328,1220430,1220711,1220773,1221044,1221303,1221858,1222426,1222608,1222721,1222775,1222780,1223020,1223023,1223024,1223038,1223039,1223041,1223046,1223051,1223052,1223058,1223061,1223076,1223113,1223187,1223285,1223315,1223591,1223592,1223633,1223637,1223641,1223649,1223650,1223651,1223652,1223654,1223660,1223661,1223665,1223666,1223671,1223675,1223677,1223678,1223696,1223698,1223705,1223712,1223718,1223728,1223739,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1223757,1223759,1223761,1223762,1223782,1223787,1223788,1223789,1223790,1223802,1223805,1223827,1223831,1223834,1223869,1223874,1224095,1224174,1224177,1224180,1224423,1224432,1224433,1224437,1224438,1224443,1224445,1224449,1224479,1224480,1224482,1224486,1224487,1224491,1224492,1224494,1224495,1224500,1224501,1224504,1224505,1224506,1224507,1224508,1224509,1224513,1224517,1224519,1224521,1224524,1 224526,1224537,1224542,1224546,1224552,1224555,1224557,1224558,1224559,1224562,1224566,1224567,1224568,1224569,1224571,1224573,1224576,1224577,1224578,1224579,1224582,1224585,1224586,1224587,1224588,1224592,1224596,1224598,1224600,1224601,1224603,1224605,1224607,1224609,1224611,1224613,1224615,1224617,1224618,1224620,1224622,1224623,1224624,1224626,1224627,1224629,1224630,1224632,1224633,1224634,1224637,1224639,1224640,1224643,1224644,1224646,1224647,1224650,1224651,1224653,1224654,1224657,1224660,1224663,1224665,1224666,1224671,1224675,1224676,1224677,1224680,1224681,1224682,1224683,1224685,1224686,1224687,1224688,1224692,1224696,1224697,1224699,1224701,1224703,1224704,1224705,1224706,1224707,1224709,1224710,1224712,1224714,1224716,1224717,1224719,1224722,1224723,1224726,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224741,1224747,1224749,1224803,1224804,1225502,1225579,1225593,1225692,1225694,1225695,1225698,1225699,1225704,1225705,1225708,122571 0,1225715,1225720,1225722,1225728,1225734,1225735,1225736,1225743,1225747,1225748,1225749,1225750,1225769,1225775,1225820,1225897,1226980,1227445,1228526,1228592,1229025,1229809,1229833,1230205,1230697,1231016,1231854,1231909,1231963,1232087,1232101,1232158,1232161,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1232882,1233038,1233055,1233070,1233096,1233112,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233469,1233488,1233546,1233558,1233637,1233638,1233642,1233772,1233778,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,123 4192,1234193,1234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234619,1234635,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234683,1234690,1234693,1234725,1234726,1234810,1234811,1234825,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234863,1234884,1234887,1234888,1234889,1234891,1234893,1234898,1234899,1234900,1234901,1234905,1234906,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234923,1234929,1234930,1234931,1234934,1234937,1234947,1234948,1234950,1234952,1234957,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235000,1235001,1235002,1235003,1235004,1235007,1235009,1235011,1235016,1235019,1235031,1235032,1235033,1235035, 1235037,1235038,1235039,1235040,1235042,1235043,1235045,1235046,1235050,1235051,1235053,1235054,1235056,1235057,1235059,1235061,1235065,1235070,1235073,1235075,1235100,1235108,1235112,1235115,1235117,1235122,1235123,1235125,1235128,1235132,1235133,1235134,1235138,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235246,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235409,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235444,1235445,1235449,1235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235507,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235550,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,12355 84,1235587,1235611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235894,1235902,1235903,1235906,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,1236080,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236688,1236696,1236703,1236732,1236733,CVE-2023-47233,CVE-2023-52463,CVE-2023-52472,CVE-2023-52591,CVE-20 23-52653,CVE-2023-52657,CVE-2023-52658,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52663,CVE-2023-52664,CVE-2023-52667,CVE-2023-52669,CVE-2023-52670,CVE-2023-52671,CVE-2023-52673,CVE-2023-52675,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52681,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52687,CVE-2023-52690,CVE-2023-52691,CVE-2023-52693,CVE-2023-52694,CVE-2023-52695,CVE-2023-52696,CVE-2023-52697,CVE-2023-52882,CVE-2023-52923,CVE-2024-22099,CVE-2024-26611,CVE-2024-26742,CVE-2024-26761,CVE-2024-26764,CVE-2024-26786,CVE-2024-26794,CVE-2024-26846,CVE-2024-26853,CVE-2024-26854,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26858,CVE-2024-26861,CVE-2024-26866,CVE-2024-26868,CVE-2024-26870,CVE-2024-26881,CVE-2024-26900,CVE-2024-26903,CVE-2024-26922,CVE-2024-26924,CVE-2024-26932,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26940,CVE-2024-26943,CVE-2024-26949,CVE-2024-26950,CVE-2024-26951,CVE-2024-26957,CVE-2024-26961,CVE-2024-2696 2,CVE-2024-26963,CVE-2024-26964,CVE-2024-26973,CVE-2024-26983,CVE-2024-26984,CVE-2024-26986,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26995,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27002,CVE-2024-27003,CVE-2024-27004,CVE-2024-27008,CVE-2024-27027,CVE-2024-27028,CVE-2024-27029,CVE-2024-27030,CVE-2024-27031,CVE-2024-27046,CVE-2024-27057,CVE-2024-27062,CVE-2024-27067,CVE-2024-27080,CVE-2024-27388,CVE-2024-27389,CVE-2024-27397,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27405,CVE-2024-27410,CVE-2024-27411,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27432,CVE-2024-27434,CVE-2024-27435,CVE-2024-27436,CVE-2024-35784,CVE-2024-35786,CVE-2024-35788,CVE-2024-35789,CVE-2024-35790,CVE-2024-35794,CVE-2024-35795,CVE-2024-35796,CVE-2024-35799,CVE-2024-35800,CVE-2024-35801,CVE-2024-35806,CVE-2024-35808,CVE-2024-35809,CVE-2024-35810,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35819,CVE-2 024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35824,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35834,CVE-2024-35835,CVE-2024-35836,CVE-2024-35837,CVE-2024-35838,CVE-2024-35839,CVE-2024-35841,CVE-2024-35842,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35850,CVE-2024-35851,CVE-2024-35875,CVE-2024-35878,CVE-2024-35879,CVE-2024-35883,CVE-2024-35885,CVE-2024-35887,CVE-2024-35889,CVE-2024-35891,CVE-2024-35901,CVE-2024-35904,CVE-2024-35907,CVE-2024-35909,CVE-2024-35911,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35916,CVE-2024-35922,CVE-2024-35924,CVE-2024-35927,CVE-2024-35928,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35936,CVE-2024-35937,CVE-2024-35938,CVE-2024-35940,CVE-2024-35945,CVE-2024-35946,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35953,CVE-2024-35954,CVE-2024-35955,CVE-2024-35958,CVE-2024-35959,CVE-2024-35960,CVE-2024-35961,CVE-2024-35963,CVE-2024-35965,CVE-2024-35966,CVE-2024-359 67,CVE-2024-35971,CVE-2024-35972,CVE-2024-35973,CVE-2024-35974,CVE-2024-35975,CVE-2024-35977,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35986,CVE-2024-35989,CVE-2024-35990,CVE-2024-35992,CVE-2024-35995,CVE-2024-35997,CVE-2024-36002,CVE-2024-36009,CVE-2024-36011,CVE-2024-36012,CVE-2024-36014,CVE-2024-36018,CVE-2024-36019,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36476,CVE-2024-36880,CVE-2024-36885,CVE-2024-36891,CVE-2024-36893,CVE-2024-36894,CVE-2024-36895,CVE-2024-36896,CVE-2024-36897,CVE-2024-36898,CVE-2024-36906,CVE-2024-36908,CVE-2024-36921,CVE-2024-36922,CVE-2024-36928,CVE-2024-36930,CVE-2024-36931,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-39282,CVE-2024-39480,CVE-2024-41042,CVE-2024-43913,CVE-2024-44934,CVE-2024-44996,CVE-2024-45828,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47678,CVE-2024-47809,CVE- 2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50051,CVE-2024-50106,CVE-2024-50143,CVE-2024-50151,CVE-2024-50154,CVE-2024-50199,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50280,CVE-2024-50299,CVE-2024-52332,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53091,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-53134,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53 158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53164,CVE-2024-53166,CVE-2024-53168,CVE-2024-53169,CVE-2024-53170,CVE-2024-53171,CVE-2024-53172,CVE-2024-53173,CVE-2024-53174,CVE-2024-53175,CVE-2024-53179,CVE-2024-53180,CVE-2024-53185,CVE-2024-53187,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53194,CVE-2024-53195,CVE-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53203,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53234,CVE-2024-53236,CVE-2024-53237,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56536,CVE -2024-56538,CVE-2024-56539,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56549,CVE-2024-56551,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56576,CVE-2024-56577,CVE-2024-56578,CVE-2024-56582,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56599,CVE-2024-5660,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56604,CVE-2024-56605,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56620,CVE-2024-56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56 641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56667,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE-2024-56746,CVE-2024-56747,CVE-2024-56748,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE -2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-57938,CVE-2024-57940,CVE-2024-57946,CVE-2024-8805,CVE-2025-21632,CVE-2025-21645,CVE-2025-21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21 655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21674,CVE-2025-21676,CVE-2025-21682 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). Features added: * - Disable ceph (jsc#PED-7242) * - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). * - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). * - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Add already cherry-picked ids to AMDGPU patch - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Delete XHCI patch for regression (bsc#1235550) - Disable ceph (jsc#PED-7242) - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - Drop downstream TPM fix patch (bsc#1233260 bsc#1233259 bsc#1232421) - Drop uvcvideo fix due to regression (bsc#1235894) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - Move kABI workaround patch to correct folder - Move upstreamed DRM patch into sorted section - Move upstreamed NFS patch into sorted section - Move upstreamed TPM patch into sorted section - Move upstreamed lpfc patches into sorted section - Move upstreamed ppc patch into sorted section - Move upstreamed sound patch into sorted section - Move upstreamed sound patches into sorted section - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - README.BRANCH: Remove copy of branch name - Refresh patches.suse/ALSA-hda-realtek-Add-support-for-Samsung-Galaxy-Book.patch. - Refresh patches.suse/cpufreq-intel_pstate-Temporarily-boost-P-state-when-.patch. - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - Revert 'arm64: Kconfig: Make SME depend on BROKEN for now' This reverts commit 2ccfee6be929dd4ea49ef59a7ae686473aae40b6 CONFIG_ARM64_SME is enabled by default so some customers may rely on SME. We need further analysis to evaluate to what extent we are impacted and in case we'll disable SME support later. - Revert 0dd78566990 ('Disable ceph (jsc#PED-7242)') Apparently, jsc#PED-7242 is only deprecate ceph for 15-SP6 and disable for 15-SP7. Revert the disabling. - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blacklist.conf: printk/sysctl: breaks kernel without pre-requisite patches (bsc#1229025) - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devcoredump: cleanup some comments (git-fixes). - devlink: Fix length of eswitch inline-mode (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - intel_th: core: fix kernel-doc warnings (git-fixes). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - series.conf: temporarily disable upstream patch patches.suse/ocfs2-fix-UBSAN-warning-in-ocfs2_verify_volume.patch (bsc#1236138) - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). The following package changes have been done: - kernel-rt-6.4.0-25.1 updated - container:SL-Micro-container-2.2.0-4.14 updated From sle-container-updates at lists.suse.com Fri Mar 28 08:17:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:17:22 +0100 (CET) Subject: SUSE-CU-2025:2191-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250328081722.36693FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2191-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.20 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.20 Severity : moderate Type : recommended References : 1227316 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). The following package changes have been done: - gettext-runtime-0.21.1-150600.3.3.2 updated - libtextstyle0-0.21.1-150600.3.3.2 updated From sle-container-updates at lists.suse.com Fri Mar 28 08:18:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:18:29 +0100 (CET) Subject: SUSE-CU-2025:2193-1: Recommended update of suse/nginx Message-ID: <20250328081829.D5015FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2193-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.46 , suse/nginx:latest Container Release : 51.46 Severity : moderate Type : recommended References : 1227316 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). The following package changes have been done: - libtextstyle0-0.21.1-150600.3.3.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-57c75e42c0f7227e16aa1a75766b5d5776ee66f823f628143d4a1aff7f324135-0 updated From sle-container-updates at lists.suse.com Fri Mar 28 08:25:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:25:22 +0100 (CET) Subject: SUSE-CU-2025:2203-1: Recommended update of suse/sle15 Message-ID: <20250328082522.2896BFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2203-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.22 , suse/sle15:15.6 , suse/sle15:15.6.47.20.22 Container Release : 47.20.22 Severity : moderate Type : recommended References : 1236818 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1047-1 Released: Thu Mar 27 18:56:36 2025 Summary: Recommended update for branding-SLE Type: recommended Severity: moderate References: 1236818 This update for branding-SLE fixes the following issue: - Update plymouth theme to fix splash screen element placement issue (bsc#1236818). The following package changes have been done: - branding-SLE-15-150600.45.3.2 updated From sle-container-updates at lists.suse.com Fri Mar 28 08:27:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 09:27:10 +0100 (CET) Subject: SUSE-CU-2025:2211-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250328082710.C841FFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2211-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.63 Container Release : 4.63 Severity : moderate Type : recommended References : 1227316 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). The following package changes have been done: - sles-release-15.7-150700.24.4 updated - libtextstyle0-0.21.1-150600.3.3.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - gettext-tools-0.21.1-150600.3.3.2 updated - container:sles15-image-15.7.0-4.2.46 updated From sle-container-updates at lists.suse.com Fri Mar 28 12:41:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 13:41:33 +0100 (CET) Subject: SUSE-CU-2025:2228-1: Recommended update of suse/pcp Message-ID: <20250328124133.8AC46FCE3@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2228-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.57 , suse/pcp:latest Container Release : 42.57 Severity : moderate Type : recommended References : 1227316 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). The following package changes have been done: - libtextstyle0-0.21.1-150600.3.3.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - container:bci-bci-init-15.6-530a78314e5ae13fabdd04453954c6c309d0db7d215409e00b6c74173739563a-0 updated From sle-container-updates at lists.suse.com Fri Mar 28 17:09:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Mar 2025 18:09:08 +0100 (CET) Subject: SUSE-CU-2025:2253-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250328170908.86ADEFCE3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2253-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.23 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.23 Severity : moderate Type : recommended References : 1227316 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). The following package changes have been done: - libtextstyle0-0.21.1-150600.3.3.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - gettext-tools-0.21.1-150600.3.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-bb48cbec1e41709b9db227bbf0a75388519a88a7a87d3249734d2e37c63ab515-0 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:06:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:06:12 +0100 (CET) Subject: SUSE-CU-2025:2256-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250329080612.70311FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2256-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.104 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.104 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:07:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:07:31 +0100 (CET) Subject: SUSE-CU-2025:2257-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250329080731.0C4E3FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2257-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.104 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.104 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:07:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:07:58 +0100 (CET) Subject: SUSE-CU-2025:2258-1: Security update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20250329080758.EAD1DFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2258-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.33 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.33 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:10:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:10:45 +0100 (CET) Subject: SUSE-CU-2025:2259-1: Security update of suse/389-ds Message-ID: <20250329081045.24D74FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2259-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.20 , suse/389-ds:latest Container Release : 36.20 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:11:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:11:09 +0100 (CET) Subject: SUSE-CU-2025:2260-1: Security update of bci/bci-base-fips Message-ID: <20250329081109.055BDFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2260-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.19 , bci/bci-base-fips:latest Container Release : 20.19 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:11:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:11:48 +0100 (CET) Subject: SUSE-CU-2025:2261-1: Security update of bci/kiwi Message-ID: <20250329081148.671D5FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2261-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.25 , bci/kiwi:latest Container Release : 22.25 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - python3-devel-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:11:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:11:49 +0100 (CET) Subject: SUSE-CU-2025:2262-1: Recommended update of suse/kubectl Message-ID: <20250329081149.844F9FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2262-1 Container Tags : suse/kubectl:1.29 , suse/kubectl:1.29.14 , suse/kubectl:1.29.14-2.36.1 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.36.1 Container Release : 36.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:972-1 Released: Thu Mar 20 19:19:36 2025 Summary: Feature update for kubernetes-old client Type: optional Severity: moderate References: This update for kubernetes-old client fixes the following issues: This update ships the kubernetes client for version 1.29.14. The following package changes have been done: - kubernetes1.29-client-1.29.14-150600.13.4.1 added - kubernetes1.29-client-common-1.29.14-150600.13.4.1 added - kubernetes1.28-client-1.28.13-150400.9.10.1 removed - kubernetes1.28-client-common-1.28.13-150400.9.10.1 removed From sle-container-updates at lists.suse.com Sat Mar 29 08:11:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:11:50 +0100 (CET) Subject: SUSE-CU-2025:2263-1: Recommended update of suse/kubectl Message-ID: <20250329081150.8A9CFFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2263-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.6 , suse/kubectl:1.31.6-1.36.1 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.36.1 Container Release : 36.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:996-1 Released: Mon Mar 24 18:06:54 2025 Summary: Feature update for kubernetes-client Type: optional Severity: moderate References: This update for the kubernetes client fixes the following issues: This update ships the kubernetes 1.31.6 client. The following package changes have been done: - kubernetes1.31-client-1.31.6-150600.13.4.1 added - kubernetes1.31-client-common-1.31.6-150600.13.4.1 added - kubernetes1.29-client-1.29.14-150600.13.4.1 removed - kubernetes1.29-client-common-1.29.14-150600.13.4.1 removed From sle-container-updates at lists.suse.com Sat Mar 29 08:12:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:12:55 +0100 (CET) Subject: SUSE-CU-2025:2266-1: Security update of bci/python Message-ID: <20250329081255.3BC80FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2266-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.49 Container Release : 60.49 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - python3-devel-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:14:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:14:47 +0100 (CET) Subject: SUSE-CU-2025:2267-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250329081447.211DFFB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2267-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.24 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.24 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:15:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:15:24 +0100 (CET) Subject: SUSE-CU-2025:2268-1: Security update of bci/spack Message-ID: <20250329081524.10324FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2268-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-5.18 , bci/spack:latest Container Release : 5.18 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:15:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:15:33 +0100 (CET) Subject: SUSE-CU-2025:2269-1: Security update of bci/bci-base-fips Message-ID: <20250329081533.D40D6FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2269-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.70 Container Release : 3.70 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:15:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:15:43 +0100 (CET) Subject: SUSE-CU-2025:2270-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250329081543.53293FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2270-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.64 Container Release : 4.64 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:16:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:16:48 +0100 (CET) Subject: SUSE-CU-2025:2271-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250329081648.91A30FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2271-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.6 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.6 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:17:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:17:31 +0100 (CET) Subject: SUSE-CU-2025:2272-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250329081731.95367FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2272-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.8 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.8 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:18:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:18:54 +0100 (CET) Subject: SUSE-CU-2025:2274-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250329081854.180E8FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2274-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.4 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.4 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:19:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:19:37 +0100 (CET) Subject: SUSE-CU-2025:2275-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250329081937.CE53AFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2275-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.4 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.4 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:20:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:20:56 +0100 (CET) Subject: SUSE-CU-2025:2276-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250329082056.2160BFB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2276-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.100 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.100 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Sat Mar 29 08:24:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Mar 2025 09:24:47 +0100 (CET) Subject: SUSE-CU-2025:2278-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250329082447.136F5FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2278-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.102 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.102 Severity : moderate Type : security References : 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Mon Mar 31 08:02:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 31 Mar 2025 10:02:28 +0200 (CEST) Subject: SUSE-CU-2025:2284-1: Security update of suse/mariadb Message-ID: <20250331080228.38436FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2284-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.34 , suse/mariadb:latest Container Release : 62.34 Severity : important Type : security References : 1233307 1234015 1236643 1236886 CVE-2024-11168 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - libsystemd0-254.24-150600.4.28.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated