SUSE-IU-2022:1118-1: Security update of sles-15-sp3-chost-byos-v20221019-x86-64
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Sat Oct 22 07:10:09 UTC 2022
SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20221019-x86-64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1118-1
Image Tags : sles-15-sp3-chost-byos-v20221019-x86-64:20221019
Image Release :
Severity : critical
Type : security
References : 1023051 1027519 1047178 1065729 1142847 1150130 1156395 1157805
1164550 1164569 1167608 1177179 1178134 1179722 1179723 1181475
1181862 1181994 1185104 1185882 1186272 1188006 1189282 1189802
1191036 1191662 1191667 1191881 1192594 1192968 1193081 1194272
1194319 1194535 1194557 1195059 1195391 1195773 1196616 1197081
1197158 1197178 1197755 1197756 1197757 1197760 1197763 1197920
1198341 1198405 1198731 1198752 1198823 1198829 1198830 1198832
1198925 1198971 1199079 1199093 1199140 1199283 1199291 1199364
1199492 1199524 1199647 1199665 1199670 1199895 1200015 1200270
1200431 1200485 1200521 1200570 1200598 1200641 1200644 1200651
1200697 1200698 1200700 1200701 1200732 1200762 1200762 1200800
1200842 1200845 1200868 1200869 1200870 1200871 1200872 1200873
1200884 1200902 1200903 1200904 1200910 1200993 1200994 1201019
1201051 1201092 1201132 1201133 1201134 1201135 1201136 1201150
1201151 1201152 1201153 1201154 1201155 1201196 1201206 1201249
1201251 1201356 1201359 1201363 1201381 1201394 1201420 1201429
1201442 1201458 1201511 1201576 1201610 1201620 1201631 1201635
1201636 1201638 1201644 1201645 1201664 1201672 1201673 1201676
1201680 1201705 1201726 1201783 1201846 1201863 1201930 1201940
1201942 1201948 1201954 1201956 1201958 1201972 1202020 1202046
1202049 1202050 1202051 1202096 1202097 1202100 1202101 1202154
1202175 1202310 1202346 1202347 1202393 1202396 1202414 1202420
1202421 1202447 1202511 1202512 1202515 1202552 1202564 1202577
1202593 1202599 1202624 1202636 1202672 1202687 1202689 1202701
1202708 1202709 1202710 1202711 1202712 1202713 1202714 1202715
1202716 1202717 1202718 1202720 1202722 1202745 1202756 1202810
1202811 1202821 1202826 1202860 1202862 1202868 1202895 1202898
1203018 1203063 1203098 1203107 1203116 1203117 1203135 1203136
1203137 1203438 1203649 1203806 1203807 CVE-2016-3695 CVE-2017-6512
CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246
CVE-2020-26159 CVE-2020-27784 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558
CVE-2021-28689 CVE-2021-28861 CVE-2021-33655 CVE-2021-33656 CVE-2021-36690
CVE-2021-4155 CVE-2021-41819 CVE-2021-4203 CVE-2021-46828 CVE-2022-1116
CVE-2022-1462 CVE-2022-1706 CVE-2022-1720 CVE-2022-1968 CVE-2022-20166
CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
CVE-2022-2129 CVE-2022-21505 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2318 CVE-2022-2343 CVE-2022-2344
CVE-2022-2345 CVE-2022-24795 CVE-2022-2509 CVE-2022-2522 CVE-2022-2571
CVE-2022-2580 CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-26365
CVE-2022-26365 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-27404
CVE-2022-27405 CVE-2022-27406 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819
CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889
CVE-2022-2905 CVE-2022-2923 CVE-2022-2946 CVE-2022-29581 CVE-2022-2977
CVE-2022-3016 CVE-2022-3028 CVE-2022-31252 CVE-2022-32250 CVE-2022-33740
CVE-2022-33740 CVE-2022-33741 CVE-2022-33741 CVE-2022-33742 CVE-2022-33742
CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 CVE-2022-35252 CVE-2022-35737
CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188 CVE-2022-39190
CVE-2022-40674
-----------------------------------------------------------------
The container sles-15-sp3-chost-byos-v20221019-x86-64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2875-1
Released: Tue Aug 23 13:19:13 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154,CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598)
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- Sort in RETbleed backport into the sorted section Now that it is upstream..
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2882-1
Released: Wed Aug 24 10:34:31 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No codechanges were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3008-1
Released: Mon Sep 5 04:49:14 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283
This update for rsyslog fixes the following issues:
- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3151-1
Released: Wed Sep 7 12:20:53 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570
This update for open-iscsi fixes the following issues:
- Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570)
- On Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d
to vendor-specific /usr/etc/logrotate.d
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511
This update for cups fixes the following issues:
- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3264-1
Released: Wed Sep 14 06:23:17 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190
The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kabi/severities: add stmmac driver local sumbols
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3292-1
Released: Fri Sep 16 17:06:20 2022
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1193081,CVE-2021-41819
This update for ruby2.5 fixes the following issues:
- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3327-1
Released: Wed Sep 21 12:47:17 2022
Summary: Security update for oniguruma
Type: security
Severity: important
References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular
expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
multiple different encodings (bsc#1142847).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3388-1
Released: Mon Sep 26 12:51:36 2022
Summary: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent
Type: recommended
Severity: moderate
References: 1191036,1194319,1195391,1202100,1202101,1202826
This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent fixes the following issues:
- Update to version 20220713.00 (bsc#1202100, bsc#1202101)
- Use pam_moduledir (bsc#1191036)
- Use install command in %post section to create state file (bsc#1202826)
- Avoid bashim in post install scripts (bsc#1195391)
- Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3435-1
Released: Tue Sep 27 14:55:38 2022
Summary: Recommended update for runc
Type: recommended
Severity: important
References: 1202821
This update for runc fixes the following issues:
- Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the
cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd.
- Fix 'permission denied' error from runc run on noexec fs
- Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1202624,CVE-2021-28861
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649
This update for libzypp, zypper fixes the following issues:
libzypp:
- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined
zypper:
- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3591-1
Released: Fri Oct 14 11:38:04 2022
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1186272,1201051
This update for kdump fixes the following issues:
- Fix unload issue when secure boot enabled (bsc#1186272)
- Fix network-related dracut options handling for fadump case (bsc#1201051)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3597-1
Released: Mon Oct 17 13:13:16 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3612-1
Released: Tue Oct 18 12:21:03 2022
Summary: Recommended update for SUSEConnect
Type: recommended
Severity: moderate
References: 1200641,1200994
This update for SUSEConnect fixes the following issues:
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3665-1
Released: Wed Oct 19 20:29:16 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1167608,1185104,1197081,1200762,1201394,1201631,1203806,1203807,CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33745,CVE-2022-33746,CVE-2022-33748
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
Bugfixes:
- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).
- Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081).
- Included upstream bugfixes (bsc#1027519).
The following package changes have been done:
- SUSEConnect-0.3.36-150300.20.6.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- ca-certificates-mozilla-2.56-150200.24.1 updated
- cups-config-2.2.7-150000.3.35.1 updated
- curl-7.66.0-150200.4.39.1 updated
- glibc-locale-base-2.31-150300.41.1 updated
- glibc-locale-2.31-150300.41.1 updated
- glibc-2.31-150300.41.1 updated
- google-guest-agent-20220713.00-150000.1.29.1 updated
- google-guest-oslogin-20220721.00-150000.1.30.1 updated
- google-osconfig-agent-20220801.00-150000.1.22.1 updated
- kdump-0.9.0-150300.18.15.1 updated
- kernel-default-5.3.18-150300.59.93.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcups2-2.2.7-150000.3.35.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libexpat1-2.2.5-150000.3.22.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgnutls30-3.6.7-150200.14.19.2 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libonig4-6.7.0-150000.3.3.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.21.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- libruby2_5-2_5-2.5.9-150000.4.26.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.2-150200.45.1 updated
- open-iscsi-2.1.7-150300.32.21.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- rsyslog-8.2106.0-150200.4.32.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.26.1 updated
- ruby2.5-2.5.9-150000.4.26.1 updated
- runc-1.1.4-150000.33.4 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-sysvinit-246.16-150300.7.51.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- xen-libs-4.14.5_06-150300.3.35.1 updated
- zypper-1.14.57-150200.39.1 updated
More information about the sle-security-updates
mailing list