SUSE-IU-2023:141-1: Security update of suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2

sle-security-updates at sle-security-updates at
Tue Feb 14 08:02:06 UTC 2023

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2
Image Advisory ID : SUSE-IU-2023:141-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2:20230210
Image Release     : 
Severity          : important
Type              : security
References        : 1027519 1065729 1187428 1188605 1190969 1191259 1193629 1194038
                        1199294 1200102 1201068 1201490 1201492 1201493 1201495 1201496
                        1201689 1202436 1203219 1203652 1203740 1203829 1204254 1204294
                        1204364 1204614 1204652 1204760 1204911 1204944 1204989 1205000
                        1205126 1205209 1205257 1205263 1205385 1205386 1205485 1205496
                        1205601 1205646 1205695 1206073 1206098 1206101 1206188 1206209
                        1206212 1206273 1206344 1206389 1206390 1206391 1206393 1206394
                        1206395 1206396 1206397 1206398 1206399 1206412 1206456 1206468
                        1206504 1206515 1206536 1206546 1206554 1206602 1206619 1206664
                        1206667 1206703 1206794 1206866 1206867 1206868 1206896 1206912
                        1207016 1207082 1207162 1207182 1207183 1207264 1207346 1207396
                        1207471 1207473 1207475 1207533 1207534 1207536 1207538 1207815
                        CVE-2021-20251 CVE-2022-2031 CVE-2022-23491 CVE-2022-23824 CVE-2022-3094
                        CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108
                        CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115
                        CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3344
                        CVE-2022-3437 CVE-2022-3564 CVE-2022-3736 CVE-2022-37966 CVE-2022-37967
                        CVE-2022-38023 CVE-2022-3924 CVE-2022-40897 CVE-2022-42898 CVE-2022-42969
                        CVE-2022-4304 CVE-2022-4379 CVE-2022-4415 CVE-2022-4450 CVE-2022-4662
                        CVE-2022-46663 CVE-2022-47520 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054
                        CVE-2023-0215 CVE-2023-0286 CVE-2023-0288 CVE-2023-0433 CVE-2023-22809

The container suse-sles-15-sp4-chost-byos-v20230210-x86_64-gen2 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2023:114-1
Released:    Fri Jan 20 10:22:57 2023
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1207082,CVE-2023-22809
This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be
  exploited by users with sudoedit permissions (bsc#1207082).

Advisory ID: SUSE-SU-2023:139-1
Released:    Wed Jan 25 14:41:55 2023
Summary:     Security update for python-certifi
Type:        security
Severity:    important
References:  1206212,CVE-2022-23491
This update for python-certifi fixes the following issues:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
     - TrustCor RootCert CA-1
     - TrustCor RootCert CA-2
     - TrustCor ECA-1
- Add removeTrustCor.patch

Advisory ID: SUSE-feature-2023:142-1
Released:    Thu Jan 26 06:40:15 2023
Summary:     Feature update for bind
Type:        feature
Severity:    moderate
This update for bind fixes the following issues:

Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600)

- New Features:
  * Support for parsing and validating the dohpath service
    parameter in SVCB records was added.
  * named now logs the supported cryptographic algorithms during
    startup and in the output of named -V

- Bug Fixes:
  * A crash was fixed that happened when a dnssec-policy zone that
    used NSEC3 was reconfigured to enable inline-signing.
  * In certain resolution scenarios, quotas could be erroneously
    reached for servers, including any configured forwarders,
    resulting in SERVFAIL answers being sent to clients.
  * rpz-ip rules in response-policy zones could be ineffective in
    some cases if a query had the CD (Checking Disabled) bit set to
  * Previously, if Internet connectivity issues were experienced
    during the initial startup of named, a BIND resolver with
    dnssec-validation set to auto could enter into a state where it
    would not recover without stopping named, manually deleting the
    managed-keys.bind and managed-keys.bind.jnl files, and starting
    named again.
  * The statistics counter representing the current number of
    clients awaiting recursive resolution results (RecursClients)
    could overflow in certain resolution scenarios.
  * Previously, BIND failed to start on Solaris-based systems with
    hundreds of CPUs.
  * When a DNS resource record's TTL value was equal to the
    resolver's configured prefetch eligibility value, the record
    was erroneously not treated as eligible for prefetching.
  * Changing just the TSIG key names for primaries in catalog
    zones' member zones was not effective. This has been fixed.

- Known Issues:
  * Upgrading from BIND 9.16.32 or any older version may require a
    manual configuration change. The following configurations are
    + type primary zones configured with dnssec-policy but without
      either allow-update or update-policy
    + type secondary zones configured with dnssec-policy
    In these cases please add inline-signing yes; to the individual
    zone configuration(s). Without applying this change, named will
    fail to start. For more details, see
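
A pre-upgrade check for the known issue above, as an added example that is not part of the advisory or of BIND: it scans a named.conf text for zones matching the two listed configurations that lack "inline-signing yes;". Assumptions: "master"/"slave" are accepted as synonyms of "primary"/"secondary", "dnssec-policy none" is treated as no policy, and only options written inside the zone block are examined (settings inherited from options/view blocks or pulled in through include files are not followed). The sample configuration is constructed.

```python
import re
import sys

# Constructed named.conf fragment for the demonstration (not from the advisory).
SAMPLE_CONF = r'''
options { directory "/var/lib/named"; };
/* constructed zones */
zone "plain.example"   { type primary; file "plain.db"; };             # no policy
zone "static.example"  { type primary; file "static.db";
                         dnssec-policy default; };                     // affected
zone "dynamic.example" { type primary; file "dyn.db"; dnssec-policy default;
                         allow-update { key "ddns"; }; };              // dynamic zone
zone "fixed.example" IN { type master; file "fixed.db";
                          dnssec-policy "default"; inline-signing yes; };
view "internal" {
    zone "sec.example" { type secondary; primaries { 192.0.2.1; };
                         dnssec-policy default; };                     // affected
    zone "unsigned.example" { type slave; masters { 192.0.2.1; };
                              dnssec-policy none; };
};
'''

TOKEN_RE = re.compile(r'''
    (?P<comment>/\*.*?\*/|//[^\n]*|\#[^\n]*)   # C, C++ and shell style comments
  | (?P<string>"(?:\\.|[^"\\])*")              # quoted string, quotes kept
  | (?P<punct>[{};])
  | (?P<word>[^\s{};"]+)
''', re.S | re.X)

PRIMARY = {"primary", "master"}
SECONDARY = {"secondary", "slave"}
TRUE_VALUES = {"yes", "true", "1"}


def tokenize(text):
    """Split named.conf text into tokens, dropping comments."""
    return [m.group() for m in TOKEN_RE.finditer(text) if m.lastgroup != "comment"]


def parse(tokens, pos=0):
    """Parse statements up to the closing '}' (or end of input).

    Each statement is a list whose items are tokens or nested statement lists.
    """
    statements, current = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            block, pos = parse(tokens, pos)
            current.append(block)
        elif tok in ("}", ";"):
            if current:
                statements.append(current)
                current = []
            if tok == "}":
                break
        else:
            current.append(tok)
    return statements, pos


def classify(body):
    """Return 'primary' or 'secondary' if the zone body needs inline-signing yes."""
    opts = {s[0].lower(): s[1:] for s in body if isinstance(s[0], str)}

    def value(key, default=""):
        args = opts.get(key)
        if args and isinstance(args[0], str):
            return args[0].strip('"').lower()
        return default

    if value("dnssec-policy", "none") == "none":
        return None                      # assumption: "none" means no policy
    if value("inline-signing") in TRUE_VALUES:
        return None                      # change already applied
    ztype = value("type")
    if ztype in SECONDARY:
        return "secondary"
    if ztype in PRIMARY and not ({"allow-update", "update-policy"} & opts.keys()):
        return "primary"
    return None


def find_affected_zones(conf_text):
    """List (zone name, zone type) pairs that need inline-signing yes."""
    statements, _ = parse(tokenize(conf_text))
    affected = []

    def walk(stmts):
        for stmt in stmts:
            body = next((item for item in stmt if isinstance(item, list)), None)
            if body is None or not isinstance(stmt[0], str):
                continue
            if stmt[0] == "view":
                walk(body)               # zones may be nested inside views
            elif stmt[0] == "zone" and len(stmt) > 1 and isinstance(stmt[1], str):
                kind = classify(body)
                if kind:
                    affected.append((stmt[1].strip('"'), kind))

    walk(statements)
    return affected


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, kind in find_affected_zones(text):
        print(f'zone "{name}" (type {kind}): add "inline-signing yes;" before upgrading')
```

Run it with the path to a configuration file as the only argument, or with no argument to check the embedded sample.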

Advisory ID: SUSE-SU-2023:149-1
Released:    Thu Jan 26 10:18:30 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652)
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug that could lead to a use-after-free in the function l2cap_reassemble_sdu in net/bluetooth/l2cap_core.c of the Bluetooth component. (bsc#1206073)
- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
- CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:

- acct: fix potential integer overflow in encode_comp_t() (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
- ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
- ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
- ARM: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
- Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
- Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes).
- can: do not increase rx_bytes statistics for RTR frames (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
- can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes).
- can: m_can: fix typo prescalar -> prescaler (git-fixes).
- can: m_can: is_lec_err(): clean up LEC error handling (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
- cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
- cifs: fix confusing debug message (bsc#1193629).
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- cifs: fix missing display of three mount options (bsc#1193629).
- cifs: fix oops during encryption (bsc#1199294).
- cifs: fix refresh of cached referrals (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers (bsc#1193629).
- cifs: fix various whitespace errors in headers (bsc#1193629).
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: minor cleanup of some headers (bsc#1193629).
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
- cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- cifs: refresh root referrals (bsc#1193629).
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
- cifs: set correct ipc status after initial tree connect (bsc#1193629).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
- cifs: set correct tcon status after initial tree connect (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- cifs: skip alloc when request has no pages (bsc#1193629).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- class: fix possible memory leak in __class_register() (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
- crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
- crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - do not do custom power management (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes).
- Documentation: devres: add missing MEM helper (git-fixes).
- Documentation: devres: add missing PHY helpers (git-fixes).
- Documentation: devres: add missing PWM helper (git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free device/resource/connection (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
- drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/etnaviv: do not truncate physical page address (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/migrate: do not check the scratch page (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
- EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
- fbdev: geode: do not build on UML (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- fbdev: uvesafb: do not build on UML (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
- fbdev: vermilion: decrease reference count in error path (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
- hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
- HID: mcp2221: do not connect hidraw (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
- HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
- hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
- i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- ibmveth: Always stop tx queues during close (bsc#1065729).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
- iio: fix memory leak in iio_device_register_eventset() (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
- kABI: reintroduce a non-inline usleep_range (git-fixes).
- lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE (git-fixes).
- media: camss: Clean up received buffers on failed start of streaming (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
- media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
- media: i2c: ad5820: Fix error path (git-fixes).
- media: imon: fix a race condition in send_packet() (git-fixes).
- media: saa7164: fix missing pci_disable_device() (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
- media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes).
- media: stv0288: use explicitly signed char (git-fixes).
- media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes).
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes).
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
- media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes).
- media: vimc: Fix wrong function called when vimc_init() fails (git-fixes).
- media: vivid: fix compose size exceed boundary (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
- mfd: pm8008: Remove driver data structure pm8008_data (git-fixes).
- mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes).
- mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
- mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
- mmc: alcor: fix return value check of mmc_add_host() (git-fixes).
- mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes).
- mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
- mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes).
- mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
- mmc: moxart: fix return value check of mmc_add_host() (git-fixes).
- mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes).
- mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: pxamci: fix return value check of mmc_add_host() (git-fixes).
- mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes).
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes).
- mmc: toshsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes).
- mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- module: change to print useful messages from elf_validity_check() (git-fixes).
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- mt76: stop the radar detector after leaving dfs channel (git-fixes).
- mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes).
- mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
- mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes).
- mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes).
- mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- net: usb: smsc95xx: fix external PHY reset (git-fixes).
- net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536).
- net/mlx5: Lag, filter non compatible devices (bsc#1206536).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfc: Fix potential resource leaks (git-fixes).
- nfc: pn533: Clear nfc_target before being used (git-fixes).
- nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
- octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
- padata: Fix list iterator in padata_do_serial() (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: dwc: Fix n_fts[] array overrun (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
- PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes).
- PCI: vmd: Disable MSI remapping after suspend (git-fixes).
- PCI/sysfs: Fix double free in error path (git-fixes).
- phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes).
- pinctrl: k210: call of_node_put() (git-fixes).
- pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
- pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
- platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes).
- platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
- platform/x86: huawei-wmi: fix return value calculation (git-fixes).
- platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes).
- platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes).
- PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
- PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes).
- PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
- power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes).
- power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes).
- power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes).
- power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- proc: fixup uptime selftest (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes).
- pstore: Properly assign mem_type property (git-fixes).
- pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
- pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
- pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes).
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes).
- pwm: tegra: Improve required rate calculation (git-fixes).
- r6040: Fix kmemleak in probe and remove (git-fixes).
- random: allow partial reads if later user copies fail (bsc#1204911).
- random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911).
- random: convert to using fops->read_iter() (bsc#1204911).
- random: convert to using fops->write_iter() (bsc#1204911).
- random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911).
- random: zero buffer after reading entropy from userspace (bsc#1204911).
- RDMA: Disable IB HW for UML (git-fixes)
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes)
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- RDMA/hns: Fix error code of CMD (git-fixes)
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- RDMA/irdma: Report the correct link speed (git-fixes)
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes)
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- RDMA/siw: Fix pointer cast warning (git-fixes)
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- regulator: bd718x7: Drop unnecessary info print (git-fixes).
- regulator: core: fix deadlock on regulator enable (git-fixes).
- regulator: core: fix module refcount leak in set_supply() (git-fixes).
- regulator: core: fix resource leak in regulator_register() (git-fixes).
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on (git-fixes).
- regulator: core: use kfree_const() to free space conditionally (git-fixes).
- regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes).
- regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
- regulator: slg51000: Wait after asserting CS pin (git-fixes).
- regulator: twl6030: fix get status of twl6032 regulators (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- rtc: cmos: Fix event handler registration ordering issue (git-fixes).
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- rtc: ds1347: fix value written to century register (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pcf85063: fix pcf85063_clkout_control (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
- rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
- rtc: snvs: Allow a time difference on clock register read (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
- rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829).
- s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes).
- scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes).
- scsi: core: Reallocate device's budget map on queue depth change (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
- scsi: hisi_sas: Use managed PCI functions (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add recv workqueue helpers (git-fixes).
- scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes).
- scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
- scsi: iscsi: kabi: fix libiscsi new field (git-fixes).
- scsi: iscsi: Merge suspend fields (git-fixes).
- scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
- scsi: iscsi: Run recv path from workqueue (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: mpi3mr: Fix memory leaks (git-fixes).
- scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes).
- scsi: mpi3mr: Fixes around reply request queues (git-fixes).
- scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
- scsi: pm8001: Fix tag leaks on error (git-fixes).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes).
- scsi: pm80xx: Fix double completion for SATA devices (git-fixes).
- scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add stag_work to all the vports (git-fixes).
- scsi: qedf: Change context reset messages to ratelimited (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes).
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes).
- scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes).
- scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
- scsi: ufs: Treat link loss as fatal error (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- selftests/efivarfs: Add checking of the test return value (git-fixes).
- selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes).
- selftests/powerpc: Fix resource leaks (git-fixes).
- serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes).
- serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes).
- serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes).
- serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes).
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
- serial: tegra: Read DMA status before terminating (git-fixes).
- soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes).
- soc: qcom: llcc: make irq truly optional (git-fixes).
- soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
- soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
- spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes).
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
- spi: Update reference to struct spi_controller (git-fixes).
- staging: media: tegra-video: fix chan->mipi value on error (git-fixes).
- staging: media: tegra-video: fix device_node use after free (git-fixes).
- staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes).
- staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- test_firmware: fix memory leak in test_firmware_init() (git-fixes).
- thermal: core: fix some possible name leaks in error paths (git-fixes).
- thermal: int340x: Add missing attribute for data rate base (git-fixes).
- thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes).
- thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes).
- timers: implement usleep_idle_range() (git-fixes).
- tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes).
- tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes).
- tracing/osnoise: Fix duration type (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes).
- tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes).
- uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes).
- uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes).
- units: Add SI metric prefix definitions (git-fixes).
- units: add the HZ macros (git-fixes).
- usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
- usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
- usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes).
- usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
- usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes).
- usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes).
- usb: rndis_host: Secure rndis_query check against int overflow (git-fixes).
- usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes).
- usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- usb: serial: f81232: fix division by zero on line-speed change (git-fixes).
- usb: serial: f81534: fix division by zero on line-speed change (git-fixes).
- usb: serial: option: add Quectel EM05-G modem (git-fixes).
- usb: storage: Add check for kcalloc (git-fixes).
- usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes).
- usb: typec: Factor out non-PD fwnode properties (git-fixes).
- usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes).
- usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes).
- usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes).
- usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes).
- usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes).
- vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes).
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes).
- vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
- vmxnet3: correctly report csum_level for encapsulated packet (git-fixes).
- vringh: fix range used in iotlb_translate() (git-fixes).
- vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
- vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes).
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
- wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
- wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
- wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes).
- wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
- wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

Advisory ID: SUSE-SU-2023:159-1
Released:    Thu Jan 26 18:21:56 2023
Summary:     Security update for python-setuptools
Type:        security
Severity:    moderate
References:  1206667,CVE-2022-40897
This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
  by fetching a malicious HTML document (bsc#1206667).

Advisory ID: SUSE-SU-2023:160-1
Released:    Thu Jan 26 18:22:30 2023
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,1205385,1205386,1206504,1206546,CVE-2021-20251,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-42898
This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would
  not be properly incremented, which could allow attackers to brute
  force a user's password (bsc#1206546).

- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be
    selected to encrypt session keys, which could lead to privilege
    escalation (bsc#1205385).
  - CVE-2022-37967: Fixed a potential privilege escalation issue via
    constrained delegation due to a weak cryptographic algorithm
    being selected (bsc#1205386).
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
    Secure channel (bsc#1206504).

- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on
    32-bit systems (bsc#1205126).

- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()

- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue (bsc#1200102).

- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered
    via SMB1 (bsc#1201496).
  - CVE-2022-32746: Fixed a memory corruption issue in database
    audit logging (bsc#1201490).
  - CVE-2022-2031: Fixed AD restrictions bypass associated with
    changing passwords (bsc#1201495).
  - CVE-2022-32745: Fixed a remote server crash that could be
    triggered with certain LDAP requests (bsc#1201492).
  - CVE-2022-32744: Fixed an issue where AD users could have forged
    password change requests on behalf of other users (bsc#1201493).

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to
  the named service (bsc#1201689).

Advisory ID: SUSE-SU-2023:161-1
Released:    Thu Jan 26 18:23:16 2023
Summary:     Security update for python-py
Type:        security
Severity:    moderate
References:  1204364,CVE-2022-42969
This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could
  be triggered when interacting with a Subversion repository
  containing crafted data (bsc#1204364).

Advisory ID: SUSE-SU-2023:169-1
Released:    Thu Jan 26 18:29:53 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1205209,CVE-2022-23824
This update for xen fixes the following issues:

- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

Non-security fixes:

- Updated to version 4.16.3 (bsc#1027519).

Advisory ID: SUSE-RU-2023:175-1
Released:    Thu Jan 26 20:53:51 2023
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1207183,1207346
This update for gnutls fixes the following issues:

- FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346]

Advisory ID: SUSE-RU-2023:177-1
Released:    Thu Jan 26 20:57:35 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646
This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: 
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).

Advisory ID: SUSE-RU-2023:178-1
Released:    Thu Jan 26 20:58:21 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1207182
This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

Advisory ID: SUSE-RU-2023:179-1
Released:    Thu Jan 26 21:54:30 2023
Summary:     Recommended update for tar
Type:        recommended
Severity:    low
References:  1202436
This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412) 
- Make sure that correct library version is installed (bsc#1206412)

Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

Advisory ID: SUSE-SU-2023:201-1
Released:    Fri Jan 27 15:24:15 2023
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps
  with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
  after an update (bsc#1207264).

Advisory ID: SUSE-SU-2023:211-1
Released:    Mon Jan 30 17:26:10 2023
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433
This update for vim fixes the following issues:

- Updated to version 9.0.1234:
  - CVE-2023-0433: Fixed an out of bounds memory access that could
    cause a crash (bsc#1207396).
  - CVE-2023-0288: Fixed an out of bounds memory access that could
    cause a crash (bsc#1207162).
  - CVE-2023-0054: Fixed an out of bounds memory write that could
    cause a crash or memory corruption (bsc#1206868).
  - CVE-2023-0051: Fixed an out of bounds memory access that could
    cause a crash (bsc#1206867).
  - CVE-2023-0049: Fixed an out of bounds memory access that could
    cause a crash (bsc#1206866).

Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb  7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

Advisory ID: SUSE-RU-2023:335-1
Released:    Thu Feb  9 13:51:13 2023
Summary:     Recommended update for hyper-v
Type:        recommended
Severity:    moderate
This update for hyper-v fixes the following issues:

- Provide the latest version for SLE-15-SP4 too.

Advisory ID: SUSE-SU-2023:341-1
Released:    Fri Feb 10 10:04:35 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1207471,1207473,1207475,CVE-2022-3094,CVE-2022-3736,CVE-2022-3924
This update for bind fixes the following issues:

- Updated to version 9.16.37 (jsc#SLE-24600):
  - CVE-2022-3094: Fixed an issue where a message flood could exhaust
    all available memory (bsc#1207471).
  - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in
    configurations with stale cache and stale answers enabled and
    stale-answer-client-timeout set to a positive value (bsc#1207473).
  - CVE-2022-3924: Fixed a potential crash upon reaching the
    recursive-clients soft quota in configurations with stale answers
    enabled and stale-answer-client-timeout set to a positive value

Advisory ID: SUSE-SU-2023:348-1
Released:    Fri Feb 10 15:08:41 2023
Summary:     Security update for less
Type:        security
Severity:    moderate
References:  1207815,CVE-2022-46663
This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted
  escape sequences to the terminal (bsc#1207815).

Advisory ID: SUSE-RU-2023:349-1
Released:    Fri Feb 10 15:09:03 2023
Summary:     Recommended update for hwinfo
Type:        recommended
Severity:    moderate
References:  1204294
This update for hwinfo fixes the following issues:

- Create Xen usb controller device if necessary. (bsc#1204294)

The following package changes have been done:

- bind-utils-9.16.37-150400.5.17.1 updated
- hwinfo-21.84-150400.3.9.1 updated
- hyper-v-8-150200.14.8.1 updated
- kernel-default-5.14.21-150400.24.41.1 updated
- less-590-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libgnutls30-3.7.3-150400.4.24.1 updated
- libmount1-2.37.2-150400.8.14.1 updated
- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libudev1-249.14-150400.8.19.1 updated
- libuuid1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1l-150400.7.22.1 updated
- procps-3.3.15-150000.7.28.1 updated
- python3-bind-9.16.37-150400.5.17.1 updated
- python3-certifi-2018.1.18-150000.3.3.1 updated
- python3-py-1.10.0-150100.5.12.1 updated
- python3-setuptools-44.1.1-150400.3.3.1 updated
- samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated
- samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 added
- sudo-1.9.9-150400.4.12.1 updated
- systemd-sysvinit-249.14-150400.8.19.1 updated
- systemd-249.14-150400.8.19.1 updated
- tar-1.34-150000.3.26.1 updated
- udev-249.14-150400.8.19.1 updated
- util-linux-systemd-2.37.2-150400.8.14.1 updated
- util-linux-2.37.2-150400.8.14.1 updated
- vim-data-common-9.0.1234-150000.5.34.1 updated
- vim-9.0.1234-150000.5.34.1 updated
- xen-libs-4.16.3_02-150400.4.19.1 updated
