SUSE-SU-2022:2116-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Jun 20 13:17:51 UTC 2022
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2116-1
Rating: important
References: #1024718 #1055117 #1061840 #1065729 #1129770
#1158266 #1162338 #1162369 #1173871 #1188885
#1194124 #1195651 #1196426 #1196570 #1197219
#1197601 #1198438 #1198577 #1198899 #1199035
#1199063 #1199237 #1199239 #1199314 #1199399
#1199426 #1199505 #1199507 #1199526 #1199602
#1199605 #1199606 #1199631 #1199650 #1199671
#1199839 #1200015 #1200045 #1200057 #1200143
#1200144 #1200173 #1200249
Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2021-39711
CVE-2022-1184 CVE-2022-1652 CVE-2022-1729
CVE-2022-1734 CVE-2022-1966 CVE-2022-1974
CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
CVE-2022-21127 CVE-2022-21166 CVE-2022-21180
CVE-2022-21499 CVE-2022-30594
CVSS scores:
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that solves 17 vulnerabilities and has 26 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
simulating an nfc device from user-space. (bsc#1200144)
- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue. (bnc#1200015)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's
been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
possible out of bounds read due to Incorrect Size Value. This could lead
to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
- arm64: set plt* section addresses to 0x0 (git-fixes)
- arm64: Add missing ISB after invalidating TLB in __primary_switch
(git-fixes)
- arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
- arm64: avoid -Woverride-init warning (git-fixes)
- arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default
config too.
- arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
(git-fixes).
- arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
- arm64: compat: Reduce address limit (git-fixes)
- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
(git-fixes)
- arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
- arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
- arm64: csum: Fix handling of bad packets (git-fixes)
- arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug
(git-fixes)
- arm64: debug: Ensure debug handlers check triggering exception level
(git-fixes)
- arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
- arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of
(git-fixes)
- arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: Fix size of __early_cpu_boot_status (git-fixes)
- arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
- arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
- arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
(git-fixes)
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
(git-fixes)
- arm64: futex: Restore oldval initialization to work around buggy
(git-fixes)
- arm64: hibernate: check pgd table allocation (git-fixes)
- arm64: hugetlb: avoid potential NULL dereference (git-fixes)
- arm64: hw_breakpoint: Do not invoke overflow handler on uaccess
(git-fixes)
- arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
- arm64: kgdb: Fix single-step exception handling oops (git-fixes)
- arm64: kprobes: Recover pstate.D in single-step exception handler
(git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled
(git-fixes)
- arm64: Relax GIC version check during early boot (git-fixes)
- arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
- arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
- arm64: smp: fix smp_send_stop() behaviour (git-fixes)
- arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess
(git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
(git-fixes)
- arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (bsc#1199399).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- crypto: arm64/aes-neonbs - do not access already-freed walk.iv
(git-fixes)
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
(bsc#1197601).
- crypto: virtio - deal with unsupported input sizes (git-fixes).
- crypto: virtio: Fix dest length calculation in
__virtio_crypto_skcipher_do_req() (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list
iterator (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
- i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
(git-fixes).
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
- i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
- i40e: Refactoring VF MAC filters counting to make more reliable
(git-fixes).
- i40e: Remove scheduling while atomic possibility (git-fixes).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- Input: appletouch - initialize work before device registration
(git-fixes).
- Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
- Input: spaceball - fix parsing of movement data packets (git-fixes).
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: PPC: Propagate errors to the guest when failed instead of ignoring
(bsc#1061840 git-fixes).
- lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
- media: cpia2: fix control-message timeouts (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
- media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
- media: em28xx: fix control-message timeouts.
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- media: mceusb: fix control-message timeouts (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of
'mtk_vpu_probe()' (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path
(git-fixes).
- media: pvrusb2: fix control-message timeouts (git-fixes).
- media: redrat3: fix control-message timeouts (git-fixes).
- media: s2255: fix control-message timeouts (git-fixes).
- media: stk1160: fix control-message timeouts (git-fixes).
- media: vim2m: Remove surplus name initialization (git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- net: bcmgenet: Do not claim WOL when its not available (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region()
(bsc#1195651).
- net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare() (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(git-fixes).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
(bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nf_tables: disallow non-stateful expression in sets earlier
(bsc#1200015).
- NFS: Do not invalidate inode attributes on delegation return (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- PCI / ACPI: Mark expected switch fall-through (git-fixes).
- PCI: Do not enable AtomicOps on VFs (bsc#1129770)
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
(bsc#1061840 git-fixes).
- powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173
ltc#198329).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()'
(git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- qed: display VF trust config (git-fixes).
- qed: return status of qed_iov_get_link (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
- sched/core: Add __sched tag for io_schedule() (git-fixes)
- sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
(git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
(git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
(git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init and module_exit
(git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state
(git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- USB: cdc-wdm: fix reading stuck on device close (git-fixes).
- USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
- USB: hub: Fix locking issues with address0_mutex (git-fixes).
- USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- USB: quirks: add a Realtek card reader (git-fixes).
- USB: quirks: add STRING quirk for VCOM device (git-fixes).
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- USB: serial: option: add Fibocom L610 modem (git-fixes).
- USB: serial: option: add Fibocom MA510 modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
(git-fixes).
- USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
(git-fixes).
- veth: Ensure eth header is in skb's linear part (git-fixes).
- video: backlight: Drop maximum brightness override for brightness
(bsc#1129770)
- video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
- vxlan: fix memleak of fdb (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2116=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2116=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2116=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2116=1
- SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2116=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.124.3
kernel-default-debugsource-4.12.14-122.124.3
kernel-default-extra-4.12.14-122.124.3
kernel-default-extra-debuginfo-4.12.14-122.124.3
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-122.124.3
kernel-obs-build-debugsource-4.12.14-122.124.3
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.124.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.124.3
kernel-default-base-4.12.14-122.124.3
kernel-default-base-debuginfo-4.12.14-122.124.3
kernel-default-debuginfo-4.12.14-122.124.3
kernel-default-debugsource-4.12.14-122.124.3
kernel-default-devel-4.12.14-122.124.3
kernel-syms-4.12.14-122.124.2
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.124.3
- SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.124.2
kernel-macros-4.12.14-122.124.2
kernel-source-4.12.14-122.124.2
- SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.124.3
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.124.3
kernel-default-debugsource-4.12.14-122.124.3
kernel-default-kgraft-4.12.14-122.124.3
kernel-default-kgraft-devel-4.12.14-122.124.3
kgraft-patch-4_12_14-122_124-default-1-8.3.3
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.124.3
cluster-md-kmp-default-debuginfo-4.12.14-122.124.3
dlm-kmp-default-4.12.14-122.124.3
dlm-kmp-default-debuginfo-4.12.14-122.124.3
gfs2-kmp-default-4.12.14-122.124.3
gfs2-kmp-default-debuginfo-4.12.14-122.124.3
kernel-default-debuginfo-4.12.14-122.124.3
kernel-default-debugsource-4.12.14-122.124.3
ocfs2-kmp-default-4.12.14-122.124.3
ocfs2-kmp-default-debuginfo-4.12.14-122.124.3
References:
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2021-39711.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1734.html
https://www.suse.com/security/cve/CVE-2022-1966.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-21499.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1024718
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1162338
https://bugzilla.suse.com/1162369
https://bugzilla.suse.com/1173871
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1194124
https://bugzilla.suse.com/1195651
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196570
https://bugzilla.suse.com/1197219
https://bugzilla.suse.com/1197601
https://bugzilla.suse.com/1198438
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198899
https://bugzilla.suse.com/1199035
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199237
https://bugzilla.suse.com/1199239
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199399
https://bugzilla.suse.com/1199426
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199526
https://bugzilla.suse.com/1199602
https://bugzilla.suse.com/1199605
https://bugzilla.suse.com/1199606
https://bugzilla.suse.com/1199631
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1199671
https://bugzilla.suse.com/1199839
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200045
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200173
https://bugzilla.suse.com/1200249
More information about the sle-security-updates
mailing list