From null at suse.de Tue Oct 1 16:30:14 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Oct 2024 16:30:14 -0000
Subject: SUSE-SU-2024:3507-1: important: Security update for MozillaThunderbird
Message-ID: <172780021462.18960.17021084026394406793@smelt2.prg2.suse.org>

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2024:3507-1
Release Date: 2024-10-01T15:02:22Z
Rating: important

References:

* bsc#1184272
* bsc#1226316
* bsc#1228648
* bsc#1229821

Cross-References:

* CVE-2024-6600
* CVE-2024-6601
* CVE-2024-6602
* CVE-2024-6603
* CVE-2024-6604
* CVE-2024-6606
* CVE-2024-6607
* CVE-2024-6608
* CVE-2024-6609
* CVE-2024-6610
* CVE-2024-6611
* CVE-2024-6612
* CVE-2024-6613
* CVE-2024-6614
* CVE-2024-6615
* CVE-2024-7518
* CVE-2024-7519
* CVE-2024-7520
* CVE-2024-7521
* CVE-2024-7522
* CVE-2024-7525
* CVE-2024-7526
* CVE-2024-7527
* CVE-2024-7528
* CVE-2024-7529
* CVE-2024-8381
* CVE-2024-8382
* CVE-2024-8384
* CVE-2024-8385
* CVE-2024-8386
* CVE-2024-8387
* CVE-2024-8394

CVSS scores:

* CVE-2024-6600 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-6601 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-6602 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2024-6603 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2024-6604 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-6606 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
* CVE-2024-6607 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-6608 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-6608 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-6609 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2024-6609 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-6610 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
* CVE-2024-6610 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-6611 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6612 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6614 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-6615 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7518 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-7518 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-7519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7519 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-7520 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7520 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7522 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7522 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7526 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7526 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-7526 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-7527 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7527 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7528 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7528 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7529 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-8381 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-8381 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8382 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-8382 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-8384 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-8384 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8385 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-8385 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8386 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-8386 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-8387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-8387 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8394 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves 32 vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

* Mozilla Thunderbird 128.2.3

MFSA 2024-43 (bsc#1229821)

* CVE-2024-8394: Crash when aborting verification of OTR chat.
* CVE-2024-8385: WASM type confusion involving ArrayTypes.
* CVE-2024-8381: Type confusion when looking up a property name in a "with" block.
* CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran.
* CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions.
* CVE-2024-8386: SelectElements could be shown over another site if popups are allowed.
* CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2.

MFSA 2024-37 (bsc#1228648)

* CVE-2024-7518: Fullscreen notification dialog can be obscured by document content.
* CVE-2024-7519: Out of bounds memory access in graphics shared memory handling.
* CVE-2024-7520: Type confusion in WebAssembly.
* CVE-2024-7521: Incomplete WebAssembly exception handling.
* CVE-2024-7522: Out of bounds read in editor component.
* CVE-2024-7525: Missing permission check when creating a StreamFilter.
* CVE-2024-7526: Uninitialized memory used by WebGL.
* CVE-2024-7527: Use-after-free in JavaScript garbage collection.
* CVE-2024-7528: Use-after-free in IndexedDB.
* CVE-2024-7529: Document content could partially obscure security prompts.

MFSA 2024-32 (bsc#1226316)

* CVE-2024-6606: Out-of-bounds read in clipboard component.
* CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented.
* CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609: Memory corruption in NSS.
* CVE-2024-6610: Form validation popups could block exiting full-screen mode.
* CVE-2024-6600: Memory corruption in WebGL API.
* CVE-2024-6601: Race condition in permission assignment.
* CVE-2024-6602: Memory corruption in NSS.
* CVE-2024-6603: Memory corruption in thread creation.
* CVE-2024-6611: Incorrect handling of SameSite cookies.
* CVE-2024-6612: CSP violation leakage when using devtools.
* CVE-2024-6613: Incorrect listing of stack frames.
* CVE-2024-6614: Incorrect listing of stack frames.
* CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13.
* CVE-2024-6615: Memory safety bugs fixed in Firefox 128 and Thunderbird 128.

Bug fixes:

* Recommend libfido2-udev in order to try to get security keys (e.g. Yubikeys) working out of the box. (bsc#1184272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3507=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3507=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3507=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3507=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3507=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3507=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3507=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * MozillaThunderbird-debugsource-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-other-128.2.3-150200.8.177.1
  * MozillaThunderbird-translations-common-128.2.3-150200.8.177.1
  * MozillaThunderbird-128.2.3-150200.8.177.1
  * MozillaThunderbird-debuginfo-128.2.3-150200.8.177.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6600.html
* https://www.suse.com/security/cve/CVE-2024-6601.html
* https://www.suse.com/security/cve/CVE-2024-6602.html
* https://www.suse.com/security/cve/CVE-2024-6603.html
* https://www.suse.com/security/cve/CVE-2024-6604.html
* https://www.suse.com/security/cve/CVE-2024-6606.html
* https://www.suse.com/security/cve/CVE-2024-6607.html
* https://www.suse.com/security/cve/CVE-2024-6608.html
* https://www.suse.com/security/cve/CVE-2024-6609.html
* https://www.suse.com/security/cve/CVE-2024-6610.html
* https://www.suse.com/security/cve/CVE-2024-6611.html
* https://www.suse.com/security/cve/CVE-2024-6612.html
* https://www.suse.com/security/cve/CVE-2024-6613.html
* https://www.suse.com/security/cve/CVE-2024-6614.html
* https://www.suse.com/security/cve/CVE-2024-6615.html
* https://www.suse.com/security/cve/CVE-2024-7518.html
* https://www.suse.com/security/cve/CVE-2024-7519.html
* https://www.suse.com/security/cve/CVE-2024-7520.html
* https://www.suse.com/security/cve/CVE-2024-7521.html
* https://www.suse.com/security/cve/CVE-2024-7522.html
* https://www.suse.com/security/cve/CVE-2024-7525.html
* https://www.suse.com/security/cve/CVE-2024-7526.html
* https://www.suse.com/security/cve/CVE-2024-7527.html
* https://www.suse.com/security/cve/CVE-2024-7528.html
* https://www.suse.com/security/cve/CVE-2024-7529.html
* https://www.suse.com/security/cve/CVE-2024-8381.html
* https://www.suse.com/security/cve/CVE-2024-8382.html
* https://www.suse.com/security/cve/CVE-2024-8384.html
* https://www.suse.com/security/cve/CVE-2024-8385.html
* https://www.suse.com/security/cve/CVE-2024-8386.html
* https://www.suse.com/security/cve/CVE-2024-8387.html
* https://www.suse.com/security/cve/CVE-2024-8394.html
* https://bugzilla.suse.com/show_bug.cgi?id=1184272
* https://bugzilla.suse.com/show_bug.cgi?id=1226316
* https://bugzilla.suse.com/show_bug.cgi?id=1228648
* https://bugzilla.suse.com/show_bug.cgi?id=1229821

From null at suse.de Tue Oct 1 16:30:17 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Oct 2024 16:30:17 -0000
Subject: SUSE-SU-2024:3505-1: moderate: Security update for OpenIPMI
Message-ID: <172780021726.18960.13091059316498158024@smelt2.prg2.suse.org>

# Security update for OpenIPMI

Announcement ID: SUSE-SU-2024:3505-1
Release Date: 2024-10-01T14:43:37Z
Rating: moderate

References:

* bsc#1229910

Cross-References:

* CVE-2024-42934

CVSS scores:

* CVE-2024-42934 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-42934 ( SUSE ): 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for OpenIPMI fixes the following issues:

* CVE-2024-42934: crash or message authentication bypass on IPMI simulator due to missing bounds check. (bsc#1229910)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3505=1 openSUSE-SLE-15.6-2024-3505=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3505=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * OpenIPMI-debugsource-2.0.31-150600.10.3.1
  * OpenIPMI-python3-debuginfo-2.0.31-150600.10.3.1
  * OpenIPMI-debuginfo-2.0.31-150600.10.3.1
  * OpenIPMI-python3-2.0.31-150600.10.3.1
  * libOpenIPMI0-debuginfo-2.0.31-150600.10.3.1
  * OpenIPMI-2.0.31-150600.10.3.1
  * OpenIPMI-devel-2.0.31-150600.10.3.1
  * libOpenIPMI0-2.0.31-150600.10.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * OpenIPMI-debugsource-2.0.31-150600.10.3.1
  * OpenIPMI-debuginfo-2.0.31-150600.10.3.1
  * libOpenIPMI0-debuginfo-2.0.31-150600.10.3.1
  * OpenIPMI-2.0.31-150600.10.3.1
  * OpenIPMI-devel-2.0.31-150600.10.3.1
  * libOpenIPMI0-2.0.31-150600.10.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42934.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229910

From null at suse.de Tue Oct 1 16:30:26 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Oct 2024 16:30:26 -0000
Subject: SUSE-SU-2024:3502-1: moderate: Security update for openvpn
Message-ID: <172780022603.18960.5483191951243890486@smelt2.prg2.suse.org>

# Security update for openvpn

Announcement ID: SUSE-SU-2024:3502-1
Release Date: 2024-10-01T14:03:57Z
Rating: moderate

References:

* bsc#1227546

Cross-References:

* CVE-2024-28882

CVSS scores:

* CVE-2024-28882 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.
## Description:

This update for openvpn fixes the following issues:

* CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3502=1 openSUSE-SLE-15.6-2024-3502=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3502=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * openvpn-down-root-plugin-debuginfo-2.6.8-150600.3.3.1
  * openvpn-2.6.8-150600.3.3.1
  * openvpn-auth-pam-plugin-2.6.8-150600.3.3.1
  * openvpn-devel-2.6.8-150600.3.3.1
  * openvpn-down-root-plugin-2.6.8-150600.3.3.1
  * openvpn-debuginfo-2.6.8-150600.3.3.1
  * openvpn-debugsource-2.6.8-150600.3.3.1
  * openvpn-auth-pam-plugin-debuginfo-2.6.8-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * openvpn-2.6.8-150600.3.3.1
  * openvpn-auth-pam-plugin-2.6.8-150600.3.3.1
  * openvpn-devel-2.6.8-150600.3.3.1
  * openvpn-debuginfo-2.6.8-150600.3.3.1
  * openvpn-debugsource-2.6.8-150600.3.3.1
  * openvpn-auth-pam-plugin-debuginfo-2.6.8-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28882.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227546

From null at suse.de Tue Oct 1 16:30:28 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Oct 2024 16:30:28 -0000
Subject: SUSE-SU-2024:3501-1: important: Security update for openssl-3
Message-ID: <172780022859.18960.1523976713388067759@smelt2.prg2.suse.org>

# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3501-1
Release Date: 2024-10-01T14:03:42Z
Rating: important

References:

* bsc#1230698

Cross-References:

* CVE-2024-41996

CVSS scores:

* CVE-2024-41996 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3501=1 openSUSE-SLE-15.6-2024-3501=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3501=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * openssl-3-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.18.1
  * openssl-3-debuginfo-3.1.4-150600.5.18.1
  * libopenssl3-debuginfo-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-3.1.4-150600.5.18.1
  * libopenssl3-3.1.4-150600.5.18.1
  * openssl-3-debugsource-3.1.4-150600.5.18.1
  * libopenssl-3-devel-3.1.4-150600.5.18.1
* openSUSE Leap 15.6 (x86_64)
  * libopenssl3-32bit-debuginfo-3.1.4-150600.5.18.1
  * libopenssl-3-devel-32bit-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.18.1
  * libopenssl3-32bit-3.1.4-150600.5.18.1
* openSUSE Leap 15.6 (noarch)
  * openssl-3-doc-3.1.4-150600.5.18.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libopenssl-3-devel-64bit-3.1.4-150600.5.18.1
  * libopenssl3-64bit-debuginfo-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-64bit-3.1.4-150600.5.18.1
  * libopenssl3-64bit-3.1.4-150600.5.18.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * openssl-3-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.18.1
  * openssl-3-debuginfo-3.1.4-150600.5.18.1
  * libopenssl3-debuginfo-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-3.1.4-150600.5.18.1
  * libopenssl3-3.1.4-150600.5.18.1
  * openssl-3-debugsource-3.1.4-150600.5.18.1
  * libopenssl-3-devel-3.1.4-150600.5.18.1
* Basesystem Module 15-SP6 (x86_64)
  * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.18.1
  * libopenssl3-32bit-3.1.4-150600.5.18.1
  * libopenssl3-32bit-debuginfo-3.1.4-150600.5.18.1
  * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230698

From null at suse.de Wed Oct 2 12:30:04 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 02 Oct 2024 12:30:04 -0000
Subject: SUSE-SU-2024:3510-1: important: Security update for tomcat
Message-ID: <172787220492.21943.10003319193994759141@smelt2.prg2.suse.org>

# Security update for tomcat

Announcement ID: SUSE-SU-2024:3510-1
Release Date: 2024-10-02T11:03:35Z
Rating: important

References:

* bsc#1230986

Cross-References:

* CVE-2024-38286

CVSS scores:

* CVE-2024-38286 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-38286 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tomcat fixes the following issues:

* CVE-2024-38286: OutOfMemory exception triggered through abuse of the TLS handshake process. (bsc#1230986)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3510=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3510=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3510=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * tomcat-el-3_0-api-9.0.36-3.130.1
  * tomcat-javadoc-9.0.36-3.130.1
  * tomcat-jsp-2_3-api-9.0.36-3.130.1
  * tomcat-admin-webapps-9.0.36-3.130.1
  * tomcat-webapps-9.0.36-3.130.1
  * tomcat-lib-9.0.36-3.130.1
  * tomcat-9.0.36-3.130.1
  * tomcat-docs-webapp-9.0.36-3.130.1
  * tomcat-servlet-4_0-api-9.0.36-3.130.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * tomcat-el-3_0-api-9.0.36-3.130.1
  * tomcat-javadoc-9.0.36-3.130.1
  * tomcat-jsp-2_3-api-9.0.36-3.130.1
  * tomcat-admin-webapps-9.0.36-3.130.1
  * tomcat-webapps-9.0.36-3.130.1
  * tomcat-lib-9.0.36-3.130.1
  * tomcat-9.0.36-3.130.1
  * tomcat-docs-webapp-9.0.36-3.130.1
  * tomcat-servlet-4_0-api-9.0.36-3.130.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * tomcat-el-3_0-api-9.0.36-3.130.1
  * tomcat-javadoc-9.0.36-3.130.1
  * tomcat-jsp-2_3-api-9.0.36-3.130.1
  * tomcat-admin-webapps-9.0.36-3.130.1
  * tomcat-webapps-9.0.36-3.130.1
  * tomcat-lib-9.0.36-3.130.1
  * tomcat-9.0.36-3.130.1
  * tomcat-docs-webapp-9.0.36-3.130.1
  * tomcat-servlet-4_0-api-9.0.36-3.130.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38286.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230986

From null at suse.de Wed Oct 2 16:30:03 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 02 Oct 2024 16:30:03 -0000
Subject: SUSE-SU-2024:3158-3: important: Security update for postgresql16
Message-ID: <172788660347.30274.8590421582774496676@smelt2.prg2.suse.org>

# Security update for postgresql16

Announcement ID: SUSE-SU-2024:3158-3
Release Date: 2024-10-02T15:11:48Z
Rating: important

References:

* bsc#1229013

Cross-References:

* CVE-2024-7348

CVSS scores:

* CVE-2024-7348 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7348 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7348 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql16 fixes the following issues:

* Upgrade to 15.8 (bsc#1229013)
* CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-3158=1

## Package List:

* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql15-server-devel-15.8-150600.16.6.1
  * postgresql15-contrib-15.8-150600.16.6.1
  * postgresql15-pltcl-debuginfo-15.8-150600.16.6.1
  * postgresql15-pltcl-15.8-150600.16.6.1
  * postgresql15-server-devel-debuginfo-15.8-150600.16.6.1
  * postgresql15-devel-debuginfo-15.8-150600.16.6.1
  * postgresql15-debuginfo-15.8-150600.16.6.1
  * postgresql15-plpython-debuginfo-15.8-150600.16.6.1
  * postgresql15-server-debuginfo-15.8-150600.16.6.1
  * postgresql15-plpython-15.8-150600.16.6.1
  * postgresql15-devel-15.8-150600.16.6.1
  * postgresql15-15.8-150600.16.6.1
  * postgresql15-server-15.8-150600.16.6.1
  * postgresql15-contrib-debuginfo-15.8-150600.16.6.1
  * postgresql15-plperl-debuginfo-15.8-150600.16.6.1
  * postgresql15-debugsource-15.8-150600.16.6.1
  * postgresql15-plperl-15.8-150600.16.6.1
* Legacy Module 15-SP6 (noarch)
  * postgresql15-docs-15.8-150600.16.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7348.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229013

From null at suse.de Thu Oct 3 12:30:11 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 03 Oct 2024 12:30:11 -0000
Subject: SUSE-SU-2024:3516-1: moderate: Security update for libpcap
Message-ID: <172795861103.22224.17874137430798693488@smelt2.prg2.suse.org>

# Security update for libpcap

Announcement ID: SUSE-SU-2024:3516-1
Release Date: 2024-10-03T11:33:46Z
Rating: moderate

References:

* bsc#1230020
* bsc#1230034

Cross-References:

* CVE-2023-7256
* CVE-2024-8006

CVSS scores:

* CVE-2023-7256 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-7256 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8006 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-8006 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpcap fixes the following issues:

* CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
* CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3516=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3516=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3516=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3516=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * libpcap-devel-static-1.9.1-150300.3.3.1
  * libpcap1-debuginfo-1.9.1-150300.3.3.1
  * libpcap-debugsource-1.9.1-150300.3.3.1
  * libpcap1-1.9.1-150300.3.3.1
  * libpcap-devel-1.9.1-150300.3.3.1
* openSUSE Leap 15.3 (x86_64)
  * libpcap-devel-32bit-1.9.1-150300.3.3.1
  * libpcap1-32bit-debuginfo-1.9.1-150300.3.3.1
  * libpcap1-32bit-1.9.1-150300.3.3.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * libpcap-devel-64bit-1.9.1-150300.3.3.1
  * libpcap1-64bit-debuginfo-1.9.1-150300.3.3.1
  * libpcap1-64bit-1.9.1-150300.3.3.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libpcap1-debuginfo-1.9.1-150300.3.3.1
  * libpcap-debugsource-1.9.1-150300.3.3.1
  * libpcap1-1.9.1-150300.3.3.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libpcap1-debuginfo-1.9.1-150300.3.3.1
  * libpcap-debugsource-1.9.1-150300.3.3.1
  * libpcap1-1.9.1-150300.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libpcap1-debuginfo-1.9.1-150300.3.3.1
  * libpcap-debugsource-1.9.1-150300.3.3.1
  * libpcap1-1.9.1-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-7256.html
* https://www.suse.com/security/cve/CVE-2024-8006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230020
* https://bugzilla.suse.com/show_bug.cgi?id=1230034

From null at suse.de Thu Oct 3 12:30:16 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 03 Oct 2024 12:30:16 -0000
Subject: SUSE-SU-2024:3515-1: moderate: Security update for expat
Message-ID: <172795861688.22224.7828211271024178242@smelt2.prg2.suse.org>

# Security update for expat

Announcement ID: SUSE-SU-2024:3515-1
Release Date: 2024-10-03T11:33:36Z
Rating: moderate

References:

* bsc#1229930
* bsc#1229931
* bsc#1229932

Cross-References:

* CVE-2024-45490
* CVE-2024-45491
* CVE-2024-45492

CVSS scores:

* CVE-2024-45490 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45490 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45490 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45491 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45491 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45491 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45492 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45492 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
* CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
* CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3515=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3515=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3515=1

## Package List:

* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libexpat1-2.2.5-150000.3.30.1
  * expat-debugsource-2.2.5-150000.3.30.1
  * libexpat1-debuginfo-2.2.5-150000.3.30.1
  * expat-debuginfo-2.2.5-150000.3.30.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libexpat1-2.2.5-150000.3.30.1
  * expat-debugsource-2.2.5-150000.3.30.1
  * libexpat1-debuginfo-2.2.5-150000.3.30.1
  * expat-debuginfo-2.2.5-150000.3.30.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libexpat1-2.2.5-150000.3.30.1
  * expat-debugsource-2.2.5-150000.3.30.1
  * libexpat1-debuginfo-2.2.5-150000.3.30.1
  * expat-debuginfo-2.2.5-150000.3.30.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45490.html
* https://www.suse.com/security/cve/CVE-2024-45491.html
* https://www.suse.com/security/cve/CVE-2024-45492.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229930
* https://bugzilla.suse.com/show_bug.cgi?id=1229931
* https://bugzilla.suse.com/show_bug.cgi?id=1229932
From null at suse.de Thu Oct 3 16:30:04 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 03 Oct 2024 16:30:04 -0000
Subject: SUSE-SU-2024:3519-1: important: Security update for MozillaFirefox
Message-ID: <172797300467.22224.13008972263117411310@smelt2.prg2.suse.org>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2024:3519-1
Release Date: 2024-10-03T13:06:48Z
Rating: important

References:

* bsc#1230979

Affected Products:

* Desktop Applications Module 15-SP5
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that has one security fix can now be installed.
## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979):

* CVE-2024-8900: Clipboard write permission bypass
* CVE-2024-9392: Compromised content process can bypass site isolation
* CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
* CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397: Potential directory upload bypass via clickjacking
* CVE-2024-9398: External protocol handlers could be enumerated via popups
* CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
* CVE-2024-9400: Potential memory corruption during JIT compilation
* CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3519=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3519=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3519=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3519=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3519=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3519=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3519=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3519=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-3519=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3519=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3519=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3519=1
* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3519=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3519=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3519=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3519=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Enterprise Storage 7.1 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-branding-upstream-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* openSUSE Leap 15.5 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-branding-upstream-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* openSUSE Leap 15.6 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* Desktop Applications Module 15-SP5 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* Desktop Applications Module 15-SP6 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-128.3.0-150200.152.152.1
  * MozillaFirefox-debugsource-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-other-128.3.0-150200.152.152.1
  * MozillaFirefox-translations-common-128.3.0-150200.152.152.1
  * MozillaFirefox-128.3.0-150200.152.152.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * MozillaFirefox-devel-128.3.0-150200.152.152.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1230979
From null at suse.de Thu Oct 3 16:30:08 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 03 Oct 2024 16:30:08 -0000
Subject: SUSE-SU-2024:3518-1: important: Security update for MozillaFirefox
Message-ID: <172797300810.22224.11041393810188283514@smelt2.prg2.suse.org>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2024:3518-1
Release Date: 2024-10-03T13:04:34Z
Rating: important

References:

* bsc#1230979

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that has one security fix can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979):

* CVE-2024-8900: Clipboard write permission bypass
* CVE-2024-9392: Compromised content process can bypass site isolation
* CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
* CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397: Potential directory upload bypass via clickjacking
* CVE-2024-9398: External protocol handlers could be enumerated via popups
* CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
* CVE-2024-9400: Potential memory corruption during JIT compilation
* CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3518=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3518=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3518=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3518=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * MozillaFirefox-128.3.0-112.228.1
  * MozillaFirefox-debugsource-128.3.0-112.228.1
  * MozillaFirefox-debuginfo-128.3.0-112.228.1
  * MozillaFirefox-translations-common-128.3.0-112.228.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * MozillaFirefox-devel-128.3.0-112.228.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-128.3.0-112.228.1
  * MozillaFirefox-debugsource-128.3.0-112.228.1
  * MozillaFirefox-debuginfo-128.3.0-112.228.1
  * MozillaFirefox-translations-common-128.3.0-112.228.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * MozillaFirefox-devel-128.3.0-112.228.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * MozillaFirefox-128.3.0-112.228.1
  * MozillaFirefox-debugsource-128.3.0-112.228.1
  * MozillaFirefox-debuginfo-128.3.0-112.228.1
  * MozillaFirefox-translations-common-128.3.0-112.228.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * MozillaFirefox-devel-128.3.0-112.228.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-128.3.0-112.228.1
  * MozillaFirefox-debuginfo-128.3.0-112.228.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * MozillaFirefox-devel-128.3.0-112.228.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1230979
From null at suse.de Thu Oct 3 16:30:16 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 03 Oct 2024 16:30:16 -0000
Subject: SUSE-SU-2024:3517-1: low: Security update for opensc
Message-ID: <172797301679.22224.655551456543221462@smelt2.prg2.suse.org>

# Security update for opensc

Announcement ID: SUSE-SU-2024:3517-1
Release Date: 2024-10-03T12:03:40Z
Rating: low

References:

* bsc#1217722
* bsc#1230071
* bsc#1230072
* bsc#1230073
* bsc#1230074
* bsc#1230075
* bsc#1230076
* bsc#1230364

Cross-References:

* CVE-2024-45615
* CVE-2024-45616
* CVE-2024-45617
* CVE-2024-45618
* CVE-2024-45619
* CVE-2024-45620
* CVE-2024-8443

CVSS scores:

* CVE-2024-45615 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45615 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45616 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45617 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45617 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45617 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45617 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45618 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45618 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45618 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45618 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45619 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45619 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45619 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45619 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45620 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45620 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45620 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45620 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-8443 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8443 ( SUSE ): 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-8443 ( NVD ): 2.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-8443 ( NVD ): 2.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities and has one security fix can now be installed.

## Description:

This update for opensc fixes the following issues:

* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
* CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
* CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
* CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3517=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3517=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3517=1

## Package List:

* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * opensc-debuginfo-0.19.0-150100.3.31.1
  * opensc-debugsource-0.19.0-150100.3.31.1
  * opensc-0.19.0-150100.3.31.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * opensc-debuginfo-0.19.0-150100.3.31.1
  * opensc-debugsource-0.19.0-150100.3.31.1
  * opensc-0.19.0-150100.3.31.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * opensc-debuginfo-0.19.0-150100.3.31.1
  * opensc-debugsource-0.19.0-150100.3.31.1
  * opensc-0.19.0-150100.3.31.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45615.html
* https://www.suse.com/security/cve/CVE-2024-45616.html
* https://www.suse.com/security/cve/CVE-2024-45617.html
* https://www.suse.com/security/cve/CVE-2024-45618.html
* https://www.suse.com/security/cve/CVE-2024-45619.html
* https://www.suse.com/security/cve/CVE-2024-45620.html
* https://www.suse.com/security/cve/CVE-2024-8443.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217722
* https://bugzilla.suse.com/show_bug.cgi?id=1230071
* https://bugzilla.suse.com/show_bug.cgi?id=1230072
* https://bugzilla.suse.com/show_bug.cgi?id=1230073
* https://bugzilla.suse.com/show_bug.cgi?id=1230074
* https://bugzilla.suse.com/show_bug.cgi?id=1230075
* https://bugzilla.suse.com/show_bug.cgi?id=1230076
* https://bugzilla.suse.com/show_bug.cgi?id=1230364
From null at suse.de Fri Oct 4 16:30:08 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 04 Oct 2024 16:30:08 -0000
Subject: SUSE-SU-2024:3533-1: important: Security update for pcp
Message-ID: <172805940890.21943.3425967083704384229@smelt2.prg2.suse.org>

# Security update for pcp

Announcement ID: SUSE-SU-2024:3533-1
Release Date: 2024-10-04T14:40:38Z
Rating: important

References:

* bsc#1217826
* bsc#1222121
* bsc#1222815
* bsc#1230551
* bsc#1230552
* jsc#PED-8192
* jsc#PED-8389

Cross-References:

* CVE-2023-6917
* CVE-2024-3019
* CVE-2024-45769
* CVE-2024-45770

CVSS scores:

* CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45770 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2024-45770 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45770 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities, contains two features and has one security fix can now be installed.
## Description:

This update for pcp fixes the following issues:

pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):

* Security issues fixed:
  * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
  * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
  * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
  * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)
* Major changes:
  * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes.
  * Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
  * Version 2 archives remain the default (for next few years).
  * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts on libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL.
  * New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps. These are all optional, and full backward compatibility is preserved for existing tools.
  * For the full list of changes please consult the packaged CHANGELOG file
* Other packaging changes:
  * Moved pmlogger_daily into main package (bsc#1222815)
  * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12.
  * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64.
  * Change the architecture for various subpackages to 'noarch' as they contain no binaries.
  * Disable 'pmda-mssql', as it fails to build.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3533=1 SUSE-2024-3533=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3533=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * pcp-pmda-dm-6.2.0-150600.3.6.1 * libpcp_web1-debuginfo-6.2.0-150600.3.6.1 * libpcp_gui2-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-nvidia-gpu-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-hacluster-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-lustrecomm-6.2.0-150600.3.6.1 * pcp-pmda-gfs2-6.2.0-150600.3.6.1 * pcp-pmda-mounts-debuginfo-6.2.0-150600.3.6.1 * pcp-devel-debuginfo-6.2.0-150600.3.6.1 * pcp-system-tools-6.2.0-150600.3.6.1 * python3-pcp-6.2.0-150600.3.6.1 * pcp-pmda-systemd-debuginfo-6.2.0-150600.3.6.1 * libpcp3-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-apache-6.2.0-150600.3.6.1 * pcp-pmda-sockets-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-MMV-6.2.0-150600.3.6.1 * pcp-pmda-summary-6.2.0-150600.3.6.1 * pcp-pmda-bash-6.2.0-150600.3.6.1 * pcp-pmda-mailq-6.2.0-150600.3.6.1 * pcp-pmda-sendmail-6.2.0-150600.3.6.1 * libpcp_web1-6.2.0-150600.3.6.1 * pcp-pmda-apache-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-logger-6.2.0-150600.3.6.1 * pcp-testsuite-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-trace-debuginfo-6.2.0-150600.3.6.1 * pcp-devel-6.2.0-150600.3.6.1 * pcp-pmda-summary-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-logger-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-PMDA-6.2.0-150600.3.6.1 * pcp-pmda-sockets-6.2.0-150600.3.6.1 * pcp-pmda-weblog-6.2.0-150600.3.6.1 * perl-PCP-MMV-debuginfo-6.2.0-150600.3.6.1 * pcp-debugsource-6.2.0-150600.3.6.1 * pcp-6.2.0-150600.3.6.1 * pcp-pmda-smart-6.2.0-150600.3.6.1 * pcp-pmda-roomtemp-6.2.0-150600.3.6.1 * pcp-pmda-docker-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-shping-6.2.0-150600.3.6.1 * pcp-pmda-shping-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-LogSummary-6.2.0-150600.3.6.1 * libpcp_gui2-6.2.0-150600.3.6.1 * 
pcp-pmda-smart-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-LogImport-6.2.0-150600.3.6.1 * libpcp3-6.2.0-150600.3.6.1 * pcp-pmda-cifs-debuginfo-6.2.0-150600.3.6.1 * python3-pcp-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-cifs-6.2.0-150600.3.6.1 * pcp-pmda-cisco-6.2.0-150600.3.6.1 * pcp-pmda-hacluster-6.2.0-150600.3.6.1 * pcp-pmda-mailq-debuginfo-6.2.0-150600.3.6.1 * pcp-import-collectl2pcp-6.2.0-150600.3.6.1 * pcp-pmda-gfs2-debuginfo-6.2.0-150600.3.6.1 * libpcp_import1-debuginfo-6.2.0-150600.3.6.1 * libpcp-devel-6.2.0-150600.3.6.1 * pcp-pmda-roomtemp-debuginfo-6.2.0-150600.3.6.1 * libpcp_trace2-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-trace-6.2.0-150600.3.6.1 * perl-PCP-PMDA-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-zimbra-debuginfo-6.2.0-150600.3.6.1 * libpcp_mmv1-6.2.0-150600.3.6.1 * pcp-pmda-nvidia-gpu-6.2.0-150600.3.6.1 * pcp-pmda-bash-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-cisco-debuginfo-6.2.0-150600.3.6.1 * libpcp_import1-6.2.0-150600.3.6.1 * pcp-gui-debuginfo-6.2.0-150600.3.6.1 * libpcp_trace2-6.2.0-150600.3.6.1 * pcp-testsuite-6.2.0-150600.3.6.1 * libpcp_mmv1-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-systemd-6.2.0-150600.3.6.1 * pcp-pmda-lustrecomm-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-sendmail-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-weblog-debuginfo-6.2.0-150600.3.6.1 * pcp-system-tools-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-mounts-6.2.0-150600.3.6.1 * pcp-import-collectl2pcp-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-zimbra-6.2.0-150600.3.6.1 * pcp-gui-6.2.0-150600.3.6.1 * pcp-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-docker-6.2.0-150600.3.6.1 * pcp-pmda-dm-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-LogImport-debuginfo-6.2.0-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * pcp-pmda-redis-6.2.0-150600.3.6.1 * pcp-pmda-snmp-6.2.0-150600.3.6.1 * pcp-pmda-postfix-6.2.0-150600.3.6.1 * pcp-pmda-memcache-6.2.0-150600.3.6.1 * pcp-pmda-mysql-6.2.0-150600.3.6.1 * pcp-pmda-news-6.2.0-150600.3.6.1 * pcp-pmda-samba-6.2.0-150600.3.6.1 * pcp-export-pcp2influxdb-6.2.0-150600.3.6.1 * 
pcp-pmda-nfsclient-6.2.0-150600.3.6.1 * pcp-pmda-openmetrics-6.2.0-150600.3.6.1 * pcp-export-pcp2elasticsearch-6.2.0-150600.3.6.1 * pcp-conf-6.2.0-150600.3.6.1 * pcp-pmda-nutcracker-6.2.0-150600.3.6.1 * pcp-pmda-lmsensors-6.2.0-150600.3.6.1 * pcp-pmda-unbound-6.2.0-150600.3.6.1 * pcp-pmda-gluster-6.2.0-150600.3.6.1 * pcp-pmda-mic-6.2.0-150600.3.6.1 * pcp-pmda-named-6.2.0-150600.3.6.1 * pcp-pmda-netfilter-6.2.0-150600.3.6.1 * pcp-pmda-zswap-6.2.0-150600.3.6.1 * pcp-pmda-ds389-6.2.0-150600.3.6.1 * pcp-pmda-slurm-6.2.0-150600.3.6.1 * pcp-import-mrtg2pcp-6.2.0-150600.3.6.1 * pcp-pmda-dbping-6.2.0-150600.3.6.1 * pcp-pmda-netcheck-6.2.0-150600.3.6.1 * pcp-pmda-openvswitch-6.2.0-150600.3.6.1 * pcp-pmda-json-6.2.0-150600.3.6.1 * pcp-pmda-elasticsearch-6.2.0-150600.3.6.1 * pcp-import-sar2pcp-6.2.0-150600.3.6.1 * pcp-doc-6.2.0-150600.3.6.1 * pcp-pmda-haproxy-6.2.0-150600.3.6.1 * pcp-pmda-gpsd-6.2.0-150600.3.6.1 * pcp-pmda-ds389log-6.2.0-150600.3.6.1 * pcp-export-pcp2json-6.2.0-150600.3.6.1 * pcp-pmda-gpfs-6.2.0-150600.3.6.1 * pcp-pmda-oracle-6.2.0-150600.3.6.1 * pcp-pmda-rsyslog-6.2.0-150600.3.6.1 * pcp-export-pcp2zabbix-6.2.0-150600.3.6.1 * pcp-pmda-lustre-6.2.0-150600.3.6.1 * pcp-import-iostat2pcp-6.2.0-150600.3.6.1 * pcp-pmda-activemq-6.2.0-150600.3.6.1 * pcp-import-ganglia2pcp-6.2.0-150600.3.6.1 * pcp-pmda-bonding-6.2.0-150600.3.6.1 * pcp-pmda-pdns-6.2.0-150600.3.6.1 * pcp-zeroconf-6.2.0-150600.3.6.1 * pcp-export-pcp2spark-6.2.0-150600.3.6.1 * pcp-pmda-rabbitmq-6.2.0-150600.3.6.1 * pcp-pmda-nginx-6.2.0-150600.3.6.1 * pcp-export-pcp2graphite-6.2.0-150600.3.6.1 * pcp-export-pcp2xml-6.2.0-150600.3.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586) * pcp-pmda-infiniband-6.2.0-150600.3.6.1 * pcp-pmda-perfevent-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-infiniband-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-perfevent-6.2.0-150600.3.6.1 * openSUSE Leap 15.6 (x86_64) * pcp-pmda-resctrl-6.2.0-150600.3.6.1 * pcp-pmda-resctrl-debuginfo-6.2.0-150600.3.6.1 * Development Tools Module 
15-SP6 (aarch64 ppc64le s390x x86_64) * libpcp_web1-debuginfo-6.2.0-150600.3.6.1 * libpcp_gui2-debuginfo-6.2.0-150600.3.6.1 * pcp-system-tools-6.2.0-150600.3.6.1 * python3-pcp-6.2.0-150600.3.6.1 * pcp-devel-debuginfo-6.2.0-150600.3.6.1 * libpcp3-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-MMV-6.2.0-150600.3.6.1 * libpcp_web1-6.2.0-150600.3.6.1 * pcp-devel-6.2.0-150600.3.6.1 * perl-PCP-MMV-debuginfo-6.2.0-150600.3.6.1 * pcp-debugsource-6.2.0-150600.3.6.1 * pcp-6.2.0-150600.3.6.1 * perl-PCP-LogSummary-6.2.0-150600.3.6.1 * libpcp_gui2-6.2.0-150600.3.6.1 * perl-PCP-LogImport-6.2.0-150600.3.6.1 * libpcp3-6.2.0-150600.3.6.1 * python3-pcp-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-PMDA-6.2.0-150600.3.6.1 * libpcp_import1-debuginfo-6.2.0-150600.3.6.1 * libpcp-devel-6.2.0-150600.3.6.1 * libpcp_trace2-debuginfo-6.2.0-150600.3.6.1 * libpcp_mmv1-6.2.0-150600.3.6.1 * libpcp_import1-6.2.0-150600.3.6.1 * libpcp_trace2-6.2.0-150600.3.6.1 * libpcp_mmv1-debuginfo-6.2.0-150600.3.6.1 * pcp-system-tools-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-PMDA-debuginfo-6.2.0-150600.3.6.1 * pcp-debuginfo-6.2.0-150600.3.6.1 * perl-PCP-LogImport-debuginfo-6.2.0-150600.3.6.1 * Development Tools Module 15-SP6 (noarch) * pcp-import-sar2pcp-6.2.0-150600.3.6.1 * pcp-conf-6.2.0-150600.3.6.1 * pcp-import-iostat2pcp-6.2.0-150600.3.6.1 * pcp-import-mrtg2pcp-6.2.0-150600.3.6.1 * pcp-doc-6.2.0-150600.3.6.1 * Development Tools Module 15-SP6 (ppc64le) * pcp-pmda-perfevent-debuginfo-6.2.0-150600.3.6.1 * pcp-pmda-perfevent-6.2.0-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6917.html * https://www.suse.com/security/cve/CVE-2024-3019.html * https://www.suse.com/security/cve/CVE-2024-45769.html * https://www.suse.com/security/cve/CVE-2024-45770.html * https://bugzilla.suse.com/show_bug.cgi?id=1217826 * https://bugzilla.suse.com/show_bug.cgi?id=1222121 * https://bugzilla.suse.com/show_bug.cgi?id=1222815 * https://bugzilla.suse.com/show_bug.cgi?id=1230551 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230552 * https://jira.suse.com/browse/PED-8192 * https://jira.suse.com/browse/PED-8389

From null at suse.de Fri Oct 4 16:30:11 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 04 Oct 2024 16:30:11 -0000
Subject: SUSE-SU-2024:3532-1: moderate: Security update for openvpn
Message-ID: <172805941174.21943.1943023258633808496@smelt2.prg2.suse.org>

# Security update for openvpn

Announcement ID: SUSE-SU-2024:3532-1
Release Date: 2024-10-04T14:29:54Z
Rating: moderate

References:

* bsc#1227546

Cross-References:

* CVE-2024-28882

CVSS scores:

* CVE-2024-28882 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openvpn fixes the following issues:

* CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3532=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3532=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3532=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * openvpn-2.3.8-16.32.1
  * openvpn-auth-pam-plugin-debuginfo-2.3.8-16.32.1
  * openvpn-debuginfo-2.3.8-16.32.1
  * openvpn-auth-pam-plugin-2.3.8-16.32.1
  * openvpn-debugsource-2.3.8-16.32.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * openvpn-2.3.8-16.32.1
  * openvpn-auth-pam-plugin-debuginfo-2.3.8-16.32.1
  * openvpn-debuginfo-2.3.8-16.32.1
  * openvpn-auth-pam-plugin-2.3.8-16.32.1
  * openvpn-debugsource-2.3.8-16.32.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * openvpn-2.3.8-16.32.1
  * openvpn-auth-pam-plugin-debuginfo-2.3.8-16.32.1
  * openvpn-debuginfo-2.3.8-16.32.1
  * openvpn-auth-pam-plugin-2.3.8-16.32.1
  * openvpn-debugsource-2.3.8-16.32.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28882.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227546

From null at suse.de Fri Oct 4 16:30:29 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 04 Oct 2024 16:30:29 -0000
Subject: SUSE-SU-2024:3526-1: moderate: Security update for Mesa
Message-ID: <172805942932.21943.6889803552367153934@smelt2.prg2.suse.org>

# Security update for Mesa

Announcement ID: SUSE-SU-2024:3526-1
Release Date: 2024-10-04T13:25:21Z
Rating: moderate

References:

* bsc#1222040
* bsc#1222041
* bsc#1222042

Cross-References:

* CVE-2023-45913
* CVE-2023-45919
* CVE-2023-45922

CVSS scores:

* CVE-2023-45913 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-45919 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H
* CVE-2023-45922 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for Mesa fixes the following issues:

* CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041).
* CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
* CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#CVE-2023-45922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3526=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3526=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3526=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-3526=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3526=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * Mesa-dri-18.3.2-14.9.1 * Mesa-dri-debuginfo-18.3.2-14.9.1 * Mesa-libGL1-debuginfo-18.3.2-14.9.1 * Mesa-libglapi0-debuginfo-18.3.2-14.9.1 * Mesa-debugsource-18.3.2-14.9.1 * Mesa-libEGL1-debuginfo-18.3.2-14.9.1 * Mesa-libGLESv2-2-18.3.2-14.9.1 * Mesa-libGLESv2-2-debuginfo-18.3.2-14.9.1 * Mesa-18.3.2-14.9.1 * libgbm1-18.3.2-14.9.1 * Mesa-libglapi0-18.3.2-14.9.1 * Mesa-libGL1-18.3.2-14.9.1 * libgbm1-debuginfo-18.3.2-14.9.1 * Mesa-drivers-debugsource-18.3.2-14.9.1 * libxatracker2-debuginfo-1.0.0-14.9.1 * Mesa-libEGL1-18.3.2-14.9.1 * libxatracker2-1.0.0-14.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * Mesa-libGL1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libGL1-32bit-18.3.2-14.9.1 * libgbm1-32bit-18.3.2-14.9.1 * Mesa-libEGL1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-dri-32bit-18.3.2-14.9.1 * libgbm1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libEGL1-32bit-18.3.2-14.9.1 * Mesa-libglapi0-debuginfo-32bit-18.3.2-14.9.1 * Mesa-32bit-18.3.2-14.9.1 * Mesa-dri-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libglapi0-32bit-18.3.2-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * Mesa-dri-18.3.2-14.9.1 * Mesa-dri-debuginfo-18.3.2-14.9.1 * Mesa-libGL1-debuginfo-18.3.2-14.9.1 * Mesa-libglapi0-debuginfo-18.3.2-14.9.1 * Mesa-debugsource-18.3.2-14.9.1 * 
Mesa-libEGL1-debuginfo-18.3.2-14.9.1 * Mesa-libGLESv2-2-18.3.2-14.9.1 * Mesa-libGLESv2-2-debuginfo-18.3.2-14.9.1 * Mesa-18.3.2-14.9.1 * libgbm1-18.3.2-14.9.1 * Mesa-libglapi0-18.3.2-14.9.1 * Mesa-libGL1-18.3.2-14.9.1 * libgbm1-debuginfo-18.3.2-14.9.1 * Mesa-drivers-debugsource-18.3.2-14.9.1 * Mesa-libEGL1-18.3.2-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le x86_64) * libxatracker2-1.0.0-14.9.1 * libxatracker2-debuginfo-1.0.0-14.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * Mesa-libGL1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libGL1-32bit-18.3.2-14.9.1 * libgbm1-32bit-18.3.2-14.9.1 * Mesa-libEGL1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-dri-32bit-18.3.2-14.9.1 * libgbm1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libEGL1-32bit-18.3.2-14.9.1 * Mesa-32bit-18.3.2-14.9.1 * Mesa-libglapi0-debuginfo-32bit-18.3.2-14.9.1 * Mesa-dri-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libglapi0-32bit-18.3.2-14.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * Mesa-dri-18.3.2-14.9.1 * Mesa-dri-debuginfo-18.3.2-14.9.1 * Mesa-libGL1-debuginfo-18.3.2-14.9.1 * Mesa-libglapi0-debuginfo-18.3.2-14.9.1 * Mesa-debugsource-18.3.2-14.9.1 * Mesa-libEGL1-debuginfo-18.3.2-14.9.1 * Mesa-libGLESv2-2-18.3.2-14.9.1 * Mesa-libGLESv2-2-debuginfo-18.3.2-14.9.1 * Mesa-18.3.2-14.9.1 * libgbm1-18.3.2-14.9.1 * Mesa-libglapi0-18.3.2-14.9.1 * Mesa-libGL1-18.3.2-14.9.1 * libgbm1-debuginfo-18.3.2-14.9.1 * Mesa-drivers-debugsource-18.3.2-14.9.1 * libxatracker2-debuginfo-1.0.0-14.9.1 * Mesa-libEGL1-18.3.2-14.9.1 * libxatracker2-1.0.0-14.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * Mesa-libGL1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libGL1-32bit-18.3.2-14.9.1 * libgbm1-32bit-18.3.2-14.9.1 * Mesa-libEGL1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-dri-32bit-18.3.2-14.9.1 * libgbm1-debuginfo-32bit-18.3.2-14.9.1 * Mesa-libEGL1-32bit-18.3.2-14.9.1 * Mesa-libglapi0-debuginfo-32bit-18.3.2-14.9.1 * Mesa-32bit-18.3.2-14.9.1 * Mesa-dri-debuginfo-32bit-18.3.2-14.9.1 * 
Mesa-libglapi0-32bit-18.3.2-14.9.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * Mesa-libGLESv1_CM1-debuginfo-18.3.2-14.9.1 * libXvMC_r600-debuginfo-18.3.2-14.9.1 * Mesa-debugsource-18.3.2-14.9.1 * libXvMC_r600-18.3.2-14.9.1 * libvdpau_nouveau-18.3.2-14.9.1 * libvulkan_intel-18.3.2-14.9.1 * libvulkan_radeon-debuginfo-18.3.2-14.9.1 * Mesa-libGLESv2-2-debuginfo-32bit-18.3.2-14.9.1 * libvdpau_nouveau-debuginfo-18.3.2-14.9.1 * Mesa-libGLESv1_CM1-18.3.2-14.9.1 * Mesa-drivers-debugsource-18.3.2-14.9.1 * libvdpau_radeonsi-18.3.2-14.9.1 * libvulkan_radeon-18.3.2-14.9.1 * libvdpau_r600-18.3.2-14.9.1 * libXvMC_nouveau-18.3.2-14.9.1 * libvdpau_radeonsi-debuginfo-18.3.2-14.9.1 * Mesa-libva-18.3.2-14.9.1 * Mesa-libva-debuginfo-18.3.2-14.9.1 * libvdpau_r600-debuginfo-18.3.2-14.9.1 * libXvMC_nouveau-debuginfo-18.3.2-14.9.1 * Mesa-libGLESv2-2-32bit-18.3.2-14.9.1 * Mesa-libd3d-18.3.2-14.9.1 * libvulkan_intel-debuginfo-18.3.2-14.9.1 * Mesa-libd3d-debuginfo-18.3.2-14.9.1 * libvdpau_r300-18.3.2-14.9.1 * libvdpau_r300-debuginfo-18.3.2-14.9.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libOSMesa8-debuginfo-18.3.2-14.9.1 * Mesa-devel-18.3.2-14.9.1 * Mesa-libGLESv1_CM1-debuginfo-18.3.2-14.9.1 * Mesa-debugsource-18.3.2-14.9.1 * libOSMesa-devel-18.3.2-14.9.1 * Mesa-libGLESv3-devel-18.3.2-14.9.1 * Mesa-KHR-devel-18.3.2-14.9.1 * Mesa-libGLESv2-devel-18.3.2-14.9.1 * libOSMesa8-18.3.2-14.9.1 * Mesa-libglapi-devel-18.3.2-14.9.1 * Mesa-dri-devel-18.3.2-14.9.1 * Mesa-libGL-devel-18.3.2-14.9.1 * libgbm-devel-18.3.2-14.9.1 * Mesa-libGLESv1_CM1-18.3.2-14.9.1 * Mesa-libEGL-devel-18.3.2-14.9.1 * Mesa-libGLESv1_CM-devel-18.3.2-14.9.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64) * Mesa-libd3d-devel-18.3.2-14.9.1 * Mesa-drivers-debugsource-18.3.2-14.9.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le x86_64) * libxatracker-devel-1.0.0-14.9.1 * SUSE Linux Enterprise Software Development 
Kit 12 SP5 (s390x x86_64) * libOSMesa8-debuginfo-32bit-18.3.2-14.9.1 * libOSMesa8-32bit-18.3.2-14.9.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64) * Mesa-libVulkan-devel-18.3.2-14.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45913.html
* https://www.suse.com/security/cve/CVE-2023-45919.html
* https://www.suse.com/security/cve/CVE-2023-45922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222040
* https://bugzilla.suse.com/show_bug.cgi?id=1222041
* https://bugzilla.suse.com/show_bug.cgi?id=1222042

From null at suse.de Fri Oct 4 16:30:32 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 04 Oct 2024 16:30:32 -0000
Subject: SUSE-SU-2024:3525-1: important: Security update for openssl-3
Message-ID: <172805943219.21943.15100283900391047859@smelt2.prg2.suse.org>

# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3525-1
Release Date: 2024-10-04T13:21:09Z
Rating: important

References:

* bsc#1230698

Cross-References:

* CVE-2024-41996

CVSS scores:

* CVE-2024-41996 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.
## Description:

This update for openssl-3 fixes the following issues:

* CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3525=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-3525=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-3525=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-3525=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-3525=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3525=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3525=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3525=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3525=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3525=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3525=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3525=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3525=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * 
libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * openSUSE Leap 15.4 (x86_64) * libopenssl3-32bit-3.0.8-150400.4.66.1 * libopenssl-3-devel-32bit-3.0.8-150400.4.66.1 * libopenssl3-32bit-debuginfo-3.0.8-150400.4.66.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.66.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-3.0.8-150400.4.66.1 * libopenssl-3-devel-64bit-3.0.8-150400.4.66.1 * libopenssl3-64bit-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 
(x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Manager Proxy 4.3 (x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * openssl-3-3.0.8-150400.4.66.1 * openssl-3-debugsource-3.0.8-150400.4.66.1 * libopenssl-3-devel-3.0.8-150400.4.66.1 * openssl-3-debuginfo-3.0.8-150400.4.66.1 * libopenssl3-3.0.8-150400.4.66.1 * libopenssl3-debuginfo-3.0.8-150400.4.66.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230698

From null at suse.de Fri Oct 4 16:30:35 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 04 Oct 2024 16:30:35 -0000
Subject: SUSE-SU-2024:3524-1: important: Security update for frr
Message-ID: <172805943555.21943.9359122047743935538@smelt2.prg2.suse.org>

# Security update for frr

Announcement ID: SUSE-SU-2024:3524-1
Release Date: 2024-10-04T13:18:52Z
Rating: important

References:

* bsc#1230866

Cross-References:

* CVE-2017-15865

CVSS scores:

* CVE-2017-15865 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2017-15865 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2017-15865 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for frr fixes the following issue:

* Arithmetic overflow when parsing attribute of update packet due to regression introduced by the fix for CVE-2017-15865. (bsc#1230866)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3524=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3524=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3524=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3524=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3524=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3524=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3524=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3524=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3524=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3524=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3524=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-3524=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * 
libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * 
libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * 
libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * 
libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Manager Proxy 4.3 (x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * 
libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libfrrospfapiclient0-7.4-150300.4.32.1 * libfrrgrpc_pb0-7.4-150300.4.32.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1 * libfrrzmq0-7.4-150300.4.32.1 * libfrr_pb0-7.4-150300.4.32.1 * libmlag_pb0-debuginfo-7.4-150300.4.32.1 * libfrr_pb0-debuginfo-7.4-150300.4.32.1 * libfrrcares0-debuginfo-7.4-150300.4.32.1 * libfrrfpm_pb0-7.4-150300.4.32.1 * libfrrsnmp0-debuginfo-7.4-150300.4.32.1 * frr-7.4-150300.4.32.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1 * frr-debugsource-7.4-150300.4.32.1 * libfrrzmq0-debuginfo-7.4-150300.4.32.1 * libfrr0-7.4-150300.4.32.1 * libfrrcares0-7.4-150300.4.32.1 * libfrr0-debuginfo-7.4-150300.4.32.1 * libmlag_pb0-7.4-150300.4.32.1 * frr-devel-7.4-150300.4.32.1 * frr-debuginfo-7.4-150300.4.32.1 * libfrrsnmp0-7.4-150300.4.32.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1 ## References: * 
https://www.suse.com/security/cve/CVE-2017-15865.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230866

From null at suse.de Fri Oct 4 16:30:41 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 04 Oct 2024 16:30:41 -0000
Subject: SUSE-SU-2024:3523-1: critical: Security update for cups-filters
Message-ID: <172805944128.21943.3048588137931140821@smelt2.prg2.suse.org>

# Security update for cups-filters

Announcement ID: SUSE-SU-2024:3523-1
Release Date: 2024-10-04T13:17:53Z
Rating: critical

References:

* bsc#1230939

Cross-References:

* CVE-2024-47176

CVSS scores:

* CVE-2024-47176 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2024-47176 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47176 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for cups-filters fixes the following issues:

* cups-browsed would bind on UDP INADDR_ANY:631 and trust any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. This patch removes support for the legacy CUPS and LDAP protocols (bsc#1230939, CVE-2024-47176)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3523=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3523=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3523=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3523=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3523=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3523=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3523=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-3523=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3523=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3523=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3523=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3523=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3523=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3523=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3523=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3523=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3523=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3523=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3523=1

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Manager Proxy 4.3 (x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * cups-filters-1.25.0-150200.3.16.1
  * cups-filters-debugsource-1.25.0-150200.3.16.1
  * cups-filters-devel-1.25.0-150200.3.16.1
  * cups-filters-debuginfo-1.25.0-150200.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230939

From null at suse.de Mon Oct 7 12:30:10 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 07 Oct 2024 12:30:10 -0000
Subject: SUSE-SU-2024:3535-1: important: Security update for redis
Message-ID: <172830421003.6932.1459638310325911776@smelt2.prg2.suse.org>

# Security update for redis

Announcement ID: SUSE-SU-2024:3535-1
Release Date: 2024-10-07T08:53:19Z
Rating: important

References:

* bsc#1231264
* bsc#1231265
* bsc#1231266

Cross-References:

* CVE-2024-31227
* CVE-2024-31228
* CVE-2024-31449

CVSS scores:

* CVE-2024-31227 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-31228 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-31449 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.
## Description:

This update for redis fixes the following issues:

* CVE-2024-31227: Fixed parsing issue leading to denial of service (bsc#1231266)
* CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265)
* CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3535=1 SUSE-2024-3535=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3535=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * redis-7.2.4-150600.3.3.1
  * redis-debuginfo-7.2.4-150600.3.3.1
  * redis-debugsource-7.2.4-150600.3.3.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * redis-7.2.4-150600.3.3.1
  * redis-debuginfo-7.2.4-150600.3.3.1
  * redis-debugsource-7.2.4-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-31227.html
* https://www.suse.com/security/cve/CVE-2024-31228.html
* https://www.suse.com/security/cve/CVE-2024-31449.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231264
* https://bugzilla.suse.com/show_bug.cgi?id=1231265
* https://bugzilla.suse.com/show_bug.cgi?id=1231266

From null at suse.de Mon Oct 7 16:30:07 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 07 Oct 2024 16:30:07 -0000
Subject: SUSE-SU-2024:3538-1: moderate: Security update for mozjs115
Message-ID: <172831860783.7152.13297878808602876373@smelt2.prg2.suse.org>

# Security update for mozjs115

Announcement ID: SUSE-SU-2024:3538-1
Release Date: 2024-10-07T12:16:42Z
Rating: moderate

References:

* bsc#1230036
* bsc#1230037
* bsc#1230038

Cross-References:

* CVE-2024-45490
* CVE-2024-45491
* CVE-2024-45492

CVSS scores:

* CVE-2024-45490 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45490 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45490 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45491 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45491 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45491 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45492 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45492 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.
## Description:

This update for mozjs115 fixes the following issues:

* CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
* CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
* CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3538=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3538=1 openSUSE-SLE-15.6-2024-3538=1

## Package List:

* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * mozjs115-debugsource-115.4.0-150600.3.3.1
  * libmozjs-115-0-115.4.0-150600.3.3.1
  * mozjs115-debuginfo-115.4.0-150600.3.3.1
  * mozjs115-devel-115.4.0-150600.3.3.1
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i686)
  * mozjs115-debugsource-115.4.0-150600.3.3.1
  * libmozjs-115-0-115.4.0-150600.3.3.1
  * mozjs115-debuginfo-115.4.0-150600.3.3.1
  * mozjs115-115.4.0-150600.3.3.1
  * mozjs115-devel-115.4.0-150600.3.3.1
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45490.html
* https://www.suse.com/security/cve/CVE-2024-45491.html
* https://www.suse.com/security/cve/CVE-2024-45492.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230036
* https://bugzilla.suse.com/show_bug.cgi?id=1230037
* https://bugzilla.suse.com/show_bug.cgi?id=1230038

From null at suse.de Mon Oct 7 16:30:12 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 07 Oct 2024 16:30:12 -0000
Subject: SUSE-SU-2024:3537-1: important: Security update for redis7
Message-ID: <172831861272.7152.5269812606004022742@smelt2.prg2.suse.org>

# Security update for redis7

Announcement ID: SUSE-SU-2024:3537-1
Release Date: 2024-10-07T12:16:21Z
Rating: important

References:

* bsc#1231264
* bsc#1231265
* bsc#1231266

Cross-References:

* CVE-2024-31227
* CVE-2024-31228
* CVE-2024-31449

CVSS scores:

* CVE-2024-31227 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-31228 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-31449 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for redis7 fixes the following issues:

* CVE-2024-31227: Fixed parsing issue leading to denial of service (bsc#1231266)
* CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265)
* CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3537=1 openSUSE-SLE-15.6-2024-3537=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3537=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * redis7-7.0.8-150600.8.3.1
  * redis7-debuginfo-7.0.8-150600.8.3.1
  * redis7-debugsource-7.0.8-150600.8.3.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * redis7-7.0.8-150600.8.3.1
  * redis7-debuginfo-7.0.8-150600.8.3.1
  * redis7-debugsource-7.0.8-150600.8.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-31227.html
* https://www.suse.com/security/cve/CVE-2024-31228.html
* https://www.suse.com/security/cve/CVE-2024-31449.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231264
* https://bugzilla.suse.com/show_bug.cgi?id=1231265
* https://bugzilla.suse.com/show_bug.cgi?id=1231266

From null at suse.de Tue Oct 8 12:30:15 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 12:30:15 -0000
Subject: SUSE-SU-2024:3541-1: moderate: Security update for podofo
Message-ID: <172839061528.6932.4602362817769080982@smelt2.prg2.suse.org>

# Security update for podofo

Announcement ID: SUSE-SU-2024:3541-1
Release Date: 2024-10-08T08:33:37Z
Rating: moderate

References:

* bsc#1023072
* bsc#1023190
* bsc#1027776
* bsc#1027779
* bsc#1027785
* bsc#1027786
* bsc#1027787
* bsc#1037000
* bsc#1075772
* bsc#1127855
* bsc#1131544

Cross-References:

* CVE-2015-8981
* CVE-2017-5854
* CVE-2017-6840
* CVE-2017-6841
* CVE-2017-6842
* CVE-2017-6845
* CVE-2017-6849
* CVE-2017-8378
* CVE-2018-5308
* CVE-2019-10723
* CVE-2019-9199

CVSS scores:

* CVE-2017-5854 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2017-6840 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2017-6841 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2017-6842 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2017-6845 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2017-6849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2017-6849 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2017-8378 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2017-8378 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-5308 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2018-5308 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2019-10723 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-10723 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-9199 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2019-9199 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for podofo fixes the following issues:

* CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
* CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
* CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
* CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
* CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
* CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
* CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)
* CVE-2018-5308: Fixed Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp) (bsc#1075772)
* CVE-2019-10723: Fixed Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp (bsc#1131544)
* CVE-2019-9199: Fixed NULL pointer dereference in function PoDoFo:Impose:PdfTranslator:setSource() in pdftranslator.cpp (bsc#1127855)
* Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3541=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-3541=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * podofo-debugsource-0.9.2-3.21.1
  * podofo-debuginfo-0.9.2-3.21.1
  * libpodofo-devel-0.9.2-3.21.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * podofo-debugsource-0.9.2-3.21.1
  * podofo-debuginfo-0.9.2-3.21.1
  * libpodofo0_9_2-debuginfo-0.9.2-3.21.1
  * libpodofo0_9_2-0.9.2-3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2015-8981.html
* https://www.suse.com/security/cve/CVE-2017-5854.html
* https://www.suse.com/security/cve/CVE-2017-6840.html
* https://www.suse.com/security/cve/CVE-2017-6841.html
* https://www.suse.com/security/cve/CVE-2017-6842.html
* https://www.suse.com/security/cve/CVE-2017-6845.html
* https://www.suse.com/security/cve/CVE-2017-6849.html
* https://www.suse.com/security/cve/CVE-2017-8378.html
* https://www.suse.com/security/cve/CVE-2018-5308.html
* https://www.suse.com/security/cve/CVE-2019-10723.html
* https://www.suse.com/security/cve/CVE-2019-9199.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023072
* https://bugzilla.suse.com/show_bug.cgi?id=1023190
* https://bugzilla.suse.com/show_bug.cgi?id=1027776
* https://bugzilla.suse.com/show_bug.cgi?id=1027779
* https://bugzilla.suse.com/show_bug.cgi?id=1027785
* https://bugzilla.suse.com/show_bug.cgi?id=1027786
* https://bugzilla.suse.com/show_bug.cgi?id=1027787
* https://bugzilla.suse.com/show_bug.cgi?id=1037000
* https://bugzilla.suse.com/show_bug.cgi?id=1075772
* https://bugzilla.suse.com/show_bug.cgi?id=1127855
* https://bugzilla.suse.com/show_bug.cgi?id=1131544

From null at suse.de Tue Oct 8 12:30:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 12:30:20 -0000
Subject: SUSE-SU-2024:3540-1: moderate: Security update for Mesa
Message-ID: <172839062095.6932.2367791912209850891@smelt2.prg2.suse.org>

# Security update for Mesa

Announcement ID: SUSE-SU-2024:3540-1
Release Date: 2024-10-08T08:30:31Z
Rating: moderate

References:

* bsc#1222040
* bsc#1222041
* bsc#1222042

Cross-References:

* CVE-2023-45913
* CVE-2023-45919
* CVE-2023-45922

CVSS scores:

* CVE-2023-45913 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-45919 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H
* CVE-2023-45922 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for Mesa fixes the following issues:

* CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040)
* CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041)
* CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3540=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3540=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3540=1 openSUSE-SLE-15.6-2024-3540=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3540=1 ## Package List: * SUSE Package Hub 15 15-SP6 (x86_64) * libOSMesa8-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-debugsource-23.3.4-150600.83.3.1 * libOSMesa8-32bit-23.3.4-150600.83.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * Mesa-dri-nouveau-23.3.4-150600.83.3.1 * Mesa-dri-nouveau-debuginfo-23.3.4-150600.83.3.1 * libvdpau_nouveau-debuginfo-23.3.4-150600.83.3.1 * Mesa-drivers-debugsource-23.3.4-150600.83.3.1 * libvdpau_nouveau-23.3.4-150600.83.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libgbm-devel-23.3.4-150600.83.3.1 * Mesa-libglapi0-23.3.4-150600.83.3.1 * libOSMesa8-23.3.4-150600.83.3.1 * Mesa-libglapi-devel-23.3.4-150600.83.3.1 * Mesa-drivers-debugsource-23.3.4-150600.83.3.1 * libOSMesa8-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-23.3.4-150600.83.3.1 * Mesa-libGL-devel-23.3.4-150600.83.3.1 * Mesa-devel-23.3.4-150600.83.3.1 * Mesa-KHR-devel-23.3.4-150600.83.3.1 * Mesa-debugsource-23.3.4-150600.83.3.1 * Mesa-libGLESv1_CM-devel-23.3.4-150600.83.3.1 * Mesa-dri-23.3.4-150600.83.3.1 * libgbm1-23.3.4-150600.83.3.1 * Mesa-dri-devel-23.3.4-150600.83.3.1 * Mesa-libGLESv3-devel-23.3.4-150600.83.3.1 * Mesa-libEGL-devel-23.3.4-150600.83.3.1 * Mesa-23.3.4-150600.83.3.1 * Mesa-dri-debuginfo-23.3.4-150600.83.3.1 * Mesa-libglapi0-debuginfo-23.3.4-150600.83.3.1 * libOSMesa-devel-23.3.4-150600.83.3.1 * Mesa-libGLESv2-devel-23.3.4-150600.83.3.1 * libgbm1-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-debuginfo-23.3.4-150600.83.3.1 * Mesa-libEGL1-23.3.4-150600.83.3.1 * 
Mesa-libEGL1-debuginfo-23.3.4-150600.83.3.1 * openSUSE Leap 15.6 (x86_64) * Mesa-libEGL-devel-32bit-23.3.4-150600.83.3.1 * Mesa-libGL1-32bit-debuginfo-23.3.4-150600.83.3.1 * libOSMesa8-32bit-23.3.4-150600.83.3.1 * Mesa-vulkan-overlay-32bit-debuginfo-23.3.4-150600.83.3.1 * libvulkan_radeon-32bit-23.3.4-150600.83.3.1 * Mesa-libd3d-32bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_radeonsi-32bit-23.3.4-150600.83.3.1 * Mesa-dri-32bit-23.3.4-150600.83.3.1 * Mesa-libglapi0-32bit-23.3.4-150600.83.3.1 * libvulkan_radeon-32bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_r600-32bit-23.3.4-150600.83.3.1 * libgbm1-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libd3d-devel-32bit-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGLESv1_CM-devel-32bit-23.3.4-150600.83.3.1 * Mesa-dri-32bit-debuginfo-23.3.4-150600.83.3.1 * libvulkan_intel-32bit-23.3.4-150600.83.3.1 * Mesa-dri-nouveau-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-32bit-23.3.4-150600.83.3.1 * libvdpau_nouveau-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libEGL1-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-32bit-23.3.4-150600.83.3.1 * Mesa-libGLESv2-devel-32bit-23.3.4-150600.83.3.1 * Mesa-vulkan-overlay-32bit-23.3.4-150600.83.3.1 * Mesa-gallium-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libEGL1-32bit-23.3.4-150600.83.3.1 * Mesa-libglapi0-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-gallium-32bit-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-32bit-23.3.4-150600.83.3.1 * Mesa-libglapi-devel-32bit-23.3.4-150600.83.3.1 * libOSMesa8-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libd3d-32bit-23.3.4-150600.83.3.1 * Mesa-dri-nouveau-32bit-23.3.4-150600.83.3.1 * Mesa-libGL-devel-32bit-23.3.4-150600.83.3.1 * libvdpau_nouveau-32bit-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-32bit-23.3.4-150600.83.3.1 * libvdpau_radeonsi-32bit-debuginfo-23.3.4-150600.83.3.1 * libgbm-devel-32bit-23.3.4-150600.83.3.1 * 
libvdpau_r600-32bit-debuginfo-23.3.4-150600.83.3.1 * libvulkan_intel-32bit-debuginfo-23.3.4-150600.83.3.1 * libOSMesa-devel-32bit-23.3.4-150600.83.3.1 * libgbm1-32bit-23.3.4-150600.83.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586) * Mesa-dri-nouveau-23.3.4-150600.83.3.1 * libvdpau_r600-debuginfo-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-debuginfo-23.3.4-150600.83.3.1 * Mesa-gallium-debuginfo-23.3.4-150600.83.3.1 * libxatracker2-1.0.0-150600.83.3.1 * libvdpau_radeonsi-23.3.4-150600.83.3.1 * Mesa-gallium-23.3.4-150600.83.3.1 * Mesa-dri-nouveau-debuginfo-23.3.4-150600.83.3.1 * libvdpau_nouveau-debuginfo-23.3.4-150600.83.3.1 * libxatracker2-debuginfo-1.0.0-150600.83.3.1 * Mesa-libOpenCL-debuginfo-23.3.4-150600.83.3.1 * libvdpau_r600-23.3.4-150600.83.3.1 * Mesa-libva-debuginfo-23.3.4-150600.83.3.1 * Mesa-libva-23.3.4-150600.83.3.1 * libvdpau_radeonsi-debuginfo-23.3.4-150600.83.3.1 * libvdpau_nouveau-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-23.3.4-150600.83.3.1 * Mesa-libOpenCL-23.3.4-150600.83.3.1 * libxatracker-devel-1.0.0-150600.83.3.1 * openSUSE Leap 15.6 (x86_64 i586) * Mesa-libd3d-23.3.4-150600.83.3.1 * libvulkan_intel-debuginfo-23.3.4-150600.83.3.1 * Mesa-libd3d-debuginfo-23.3.4-150600.83.3.1 * Mesa-libd3d-devel-23.3.4-150600.83.3.1 * libvulkan_intel-23.3.4-150600.83.3.1 * openSUSE Leap 15.6 (aarch64 x86_64 i586) * Mesa-vulkan-overlay-23.3.4-150600.83.3.1 * libvulkan_radeon-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-23.3.4-150600.83.3.1 * Mesa-vulkan-overlay-debuginfo-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-debuginfo-23.3.4-150600.83.3.1 * libvulkan_lvp-23.3.4-150600.83.3.1 * libvulkan_lvp-debuginfo-23.3.4-150600.83.3.1 * libvulkan_radeon-debuginfo-23.3.4-150600.83.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * Mesa-vulkan-device-select-64bit-23.3.4-150600.83.3.1 * Mesa-libEGL1-64bit-23.3.4-150600.83.3.1 * libvdpau_radeonsi-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-64bit-23.3.4-150600.83.3.1 * 
Mesa-libglapi0-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-64bit-23.3.4-150600.83.3.1 * Mesa-dri-nouveau-64bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGLESv1_CM-devel-64bit-23.3.4-150600.83.3.1 * Mesa-libglapi-devel-64bit-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-64bit-debuginfo-23.3.4-150600.83.3.1 * libOSMesa-devel-64bit-23.3.4-150600.83.3.1 * Mesa-libGL1-64bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_r600-64bit-23.3.4-150600.83.3.1 * libgbm1-64bit-23.3.4-150600.83.3.1 * Mesa-libGL-devel-64bit-23.3.4-150600.83.3.1 * libvulkan_radeon-64bit-23.3.4-150600.83.3.1 * libvdpau_r600-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-dri-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-dri-vc4-64bit-23.3.4-150600.83.3.1 * libOSMesa8-64bit-debuginfo-23.3.4-150600.83.3.1 * libgbm-devel-64bit-23.3.4-150600.83.3.1 * Mesa-libEGL1-64bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-64bit-23.3.4-150600.83.3.1 * Mesa-vulkan-overlay-64bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_radeonsi-64bit-23.3.4-150600.83.3.1 * Mesa-dri-nouveau-64bit-23.3.4-150600.83.3.1 * libgbm1-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-vulkan-overlay-64bit-23.3.4-150600.83.3.1 * libvulkan_radeon-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-dri-vc4-64bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_nouveau-64bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_nouveau-64bit-23.3.4-150600.83.3.1 * Mesa-gallium-64bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGLESv2-devel-64bit-23.3.4-150600.83.3.1 * Mesa-libEGL-devel-64bit-23.3.4-150600.83.3.1 * Mesa-dri-64bit-23.3.4-150600.83.3.1 * Mesa-gallium-64bit-23.3.4-150600.83.3.1 * libOSMesa8-64bit-23.3.4-150600.83.3.1 * Mesa-libglapi0-64bit-23.3.4-150600.83.3.1 * openSUSE Leap 15.6 (aarch64) * libvulkan_freedreno-debuginfo-23.3.4-150600.83.3.1 * libvulkan_broadcom-23.3.4-150600.83.3.1 * libvulkan_broadcom-debuginfo-23.3.4-150600.83.3.1 * Mesa-dri-vc4-debuginfo-23.3.4-150600.83.3.1 * 
libvulkan_freedreno-23.3.4-150600.83.3.1 * Mesa-dri-vc4-23.3.4-150600.83.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libgbm-devel-23.3.4-150600.83.3.1 * Mesa-libglapi0-23.3.4-150600.83.3.1 * libOSMesa8-23.3.4-150600.83.3.1 * Mesa-libglapi-devel-23.3.4-150600.83.3.1 * Mesa-drivers-debugsource-23.3.4-150600.83.3.1 * libOSMesa8-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-23.3.4-150600.83.3.1 * Mesa-libGL-devel-23.3.4-150600.83.3.1 * Mesa-devel-23.3.4-150600.83.3.1 * Mesa-KHR-devel-23.3.4-150600.83.3.1 * Mesa-debugsource-23.3.4-150600.83.3.1 * Mesa-libGLESv1_CM-devel-23.3.4-150600.83.3.1 * Mesa-dri-23.3.4-150600.83.3.1 * libgbm1-23.3.4-150600.83.3.1 * Mesa-dri-devel-23.3.4-150600.83.3.1 * Mesa-libGLESv3-devel-23.3.4-150600.83.3.1 * Mesa-libEGL-devel-23.3.4-150600.83.3.1 * Mesa-23.3.4-150600.83.3.1 * Mesa-dri-debuginfo-23.3.4-150600.83.3.1 * Mesa-libglapi0-debuginfo-23.3.4-150600.83.3.1 * libOSMesa-devel-23.3.4-150600.83.3.1 * Mesa-libGLESv2-devel-23.3.4-150600.83.3.1 * libgbm1-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-debuginfo-23.3.4-150600.83.3.1 * Mesa-libEGL1-23.3.4-150600.83.3.1 * Mesa-libEGL1-debuginfo-23.3.4-150600.83.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le x86_64) * libvdpau_r600-debuginfo-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-debuginfo-23.3.4-150600.83.3.1 * Mesa-gallium-debuginfo-23.3.4-150600.83.3.1 * Mesa-gallium-23.3.4-150600.83.3.1 * libxatracker2-debuginfo-1.0.0-150600.83.3.1 * libvdpau_r600-23.3.4-150600.83.3.1 * Mesa-libva-debuginfo-23.3.4-150600.83.3.1 * Mesa-libva-23.3.4-150600.83.3.1 * libvdpau_virtio_gpu-23.3.4-150600.83.3.1 * libxatracker2-1.0.0-150600.83.3.1 * libxatracker-devel-1.0.0-150600.83.3.1 * Basesystem Module 15-SP6 (aarch64 x86_64) * Mesa-vulkan-overlay-23.3.4-150600.83.3.1 * libvulkan_radeon-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-23.3.4-150600.83.3.1 * Mesa-vulkan-overlay-debuginfo-23.3.4-150600.83.3.1 * Mesa-vulkan-device-select-debuginfo-23.3.4-150600.83.3.1 * 
libvulkan_lvp-23.3.4-150600.83.3.1 * libvulkan_lvp-debuginfo-23.3.4-150600.83.3.1 * libvulkan_radeon-debuginfo-23.3.4-150600.83.3.1 * Basesystem Module 15-SP6 (x86_64) * Mesa-libd3d-23.3.4-150600.83.3.1 * libvulkan_intel-debuginfo-23.3.4-150600.83.3.1 * Mesa-libd3d-debuginfo-23.3.4-150600.83.3.1 * Mesa-gallium-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libGL1-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libEGL1-32bit-23.3.4-150600.83.3.1 * Mesa-libglapi0-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-gallium-32bit-23.3.4-150600.83.3.1 * Mesa-libd3d-devel-23.3.4-150600.83.3.1 * Mesa-dri-32bit-debuginfo-23.3.4-150600.83.3.1 * libvulkan_intel-23.3.4-150600.83.3.1 * libgbm1-32bit-debuginfo-23.3.4-150600.83.3.1 * libvdpau_radeonsi-debuginfo-23.3.4-150600.83.3.1 * Mesa-dri-32bit-23.3.4-150600.83.3.1 * Mesa-32bit-23.3.4-150600.83.3.1 * libvdpau_radeonsi-23.3.4-150600.83.3.1 * Mesa-libEGL1-32bit-debuginfo-23.3.4-150600.83.3.1 * Mesa-libglapi0-32bit-23.3.4-150600.83.3.1 * Mesa-libGL1-32bit-23.3.4-150600.83.3.1 * libgbm1-32bit-23.3.4-150600.83.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45913.html
* https://www.suse.com/security/cve/CVE-2023-45919.html
* https://www.suse.com/security/cve/CVE-2023-45922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222040
* https://bugzilla.suse.com/show_bug.cgi?id=1222041
* https://bugzilla.suse.com/show_bug.cgi?id=1222042

From null at suse.de Tue Oct 8 16:32:25 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:32:25 -0000
Subject: SUSE-SU-2024:3553-1: important: Security update for the Linux Kernel
Message-ID: <172840514597.4252.3882454861165336724@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3553-1
Release Date: 2024-10-08T15:10:24Z
Rating: important
References: * bsc#1012628 * bsc#1215199 * bsc#1216223 * bsc#1220382 * bsc#1222629 * bsc#1223600 * bsc#1223848 * bsc#1225487 * bsc#1225812 * bsc#1225903 * bsc#1226003 * bsc#1226507 * bsc#1226606 * bsc#1226666 * bsc#1226860 * bsc#1227487 * bsc#1227694 * bsc#1227819 * bsc#1227885 * bsc#1227890 * bsc#1227962 * bsc#1228090 * bsc#1228140 * bsc#1228244 * bsc#1228507 * bsc#1228771 * bsc#1229004 * bsc#1229019 * bsc#1229086 * bsc#1229167 * bsc#1229169 * bsc#1229289 * bsc#1229380 * bsc#1229429 * bsc#1229443 * bsc#1229452 * bsc#1229455 * bsc#1229456 * bsc#1229494 * bsc#1229585 * bsc#1229748 * bsc#1229764 * bsc#1229768 * bsc#1229790 * bsc#1229928 * bsc#1230015 * bsc#1230119 * bsc#1230169 * bsc#1230170 * bsc#1230173 * bsc#1230174 * bsc#1230175 * bsc#1230176 * bsc#1230178 * bsc#1230185 * bsc#1230191 * bsc#1230192 * bsc#1230193 * bsc#1230194 * bsc#1230195 * bsc#1230200 * bsc#1230204 * bsc#1230206 * bsc#1230207 * bsc#1230209 * bsc#1230211 * bsc#1230212 * bsc#1230213 * bsc#1230217 * bsc#1230221 * bsc#1230224 * bsc#1230230 * bsc#1230232 * bsc#1230233 * bsc#1230240 * bsc#1230244 * bsc#1230247 * bsc#1230248 * bsc#1230269 * bsc#1230270 * bsc#1230295 * bsc#1230340 * bsc#1230350 * bsc#1230413 * bsc#1230426 * bsc#1230430 * bsc#1230431 * bsc#1230432 * bsc#1230433 * bsc#1230434 * bsc#1230435 * bsc#1230440 * bsc#1230441 * bsc#1230442 * bsc#1230444 * bsc#1230450 * bsc#1230451 * bsc#1230454 * bsc#1230455 * bsc#1230457 * bsc#1230459 * bsc#1230506 * bsc#1230507 * bsc#1230511 * bsc#1230515 * bsc#1230517 * bsc#1230518 * bsc#1230519 * bsc#1230520 * bsc#1230521 * bsc#1230524 * bsc#1230526 *
bsc#1230533 * bsc#1230535 * bsc#1230539 * bsc#1230540 * bsc#1230542 * bsc#1230549 * bsc#1230556 * bsc#1230562 * bsc#1230563 * bsc#1230564 * bsc#1230580 * bsc#1230582 * bsc#1230589 * bsc#1230602 * bsc#1230699 * bsc#1230700 * bsc#1230701 * bsc#1230702 * bsc#1230703 * bsc#1230704 * bsc#1230705 * bsc#1230706 * bsc#1230707 * bsc#1230709 * bsc#1230711 * bsc#1230712 * bsc#1230715 * bsc#1230719 * bsc#1230722 * bsc#1230724 * bsc#1230725 * bsc#1230726 * bsc#1230727 * bsc#1230730 * bsc#1230731 * bsc#1230732 * bsc#1230747 * bsc#1230748 * bsc#1230749 * bsc#1230751 * bsc#1230752 * bsc#1230753 * bsc#1230756 * bsc#1230761 * bsc#1230766 * bsc#1230767 * bsc#1230768 * bsc#1230771 * bsc#1230772 * bsc#1230775 * bsc#1230776 * bsc#1230780 * bsc#1230783 * bsc#1230786 * bsc#1230787 * bsc#1230791 * bsc#1230794 * bsc#1230796 * bsc#1230802 * bsc#1230806 * bsc#1230808 * bsc#1230809 * bsc#1230810 * bsc#1230812 * bsc#1230813 * bsc#1230814 * bsc#1230815 * bsc#1230821 * bsc#1230825 * bsc#1230830 * bsc#1230831 * bsc#1230854 * bsc#1230948 * bsc#1231008 * bsc#1231035 * bsc#1231120 * bsc#1231146 * jsc#PED-10954 * jsc#PED-9899 Cross-References: * CVE-2023-52752 * CVE-2023-52915 * CVE-2023-52916 * CVE-2024-26759 * CVE-2024-26804 * CVE-2024-36953 * CVE-2024-38538 * CVE-2024-38632 * CVE-2024-40965 * CVE-2024-40973 * CVE-2024-40983 * CVE-2024-42154 * CVE-2024-42252 * CVE-2024-43832 * CVE-2024-43835 * CVE-2024-43870 * CVE-2024-43886 * CVE-2024-43890 * CVE-2024-43904 * CVE-2024-43914 * CVE-2024-44946 * CVE-2024-44947 * CVE-2024-44948 * CVE-2024-44952 * CVE-2024-44954 * CVE-2024-44960 * CVE-2024-44961 * CVE-2024-44962 * CVE-2024-44965 * CVE-2024-44967 * CVE-2024-44969 * CVE-2024-44970 * CVE-2024-44971 * CVE-2024-44972 * CVE-2024-44977 * CVE-2024-44982 * CVE-2024-44984 * CVE-2024-44986 * CVE-2024-44987 * CVE-2024-44988 * CVE-2024-44989 * CVE-2024-44990 * CVE-2024-44991 * CVE-2024-44997 * CVE-2024-44999 * CVE-2024-45000 * CVE-2024-45001 * CVE-2024-45002 * CVE-2024-45005 * CVE-2024-45006 * CVE-2024-45007 * 
CVE-2024-45008 * CVE-2024-45011 * CVE-2024-45012 * CVE-2024-45013 * CVE-2024-45015 * CVE-2024-45017 * CVE-2024-45018 * CVE-2024-45019 * CVE-2024-45020 * CVE-2024-45021 * CVE-2024-45022 * CVE-2024-45023 * CVE-2024-45026 * CVE-2024-45028 * CVE-2024-45029 * CVE-2024-45030 * CVE-2024-46672 * CVE-2024-46673 * CVE-2024-46674 * CVE-2024-46675 * CVE-2024-46676 * CVE-2024-46677 * CVE-2024-46679 * CVE-2024-46685 * CVE-2024-46686 * CVE-2024-46687 * CVE-2024-46689 * CVE-2024-46691 * CVE-2024-46692 * CVE-2024-46693 * CVE-2024-46694 * CVE-2024-46695 * CVE-2024-46702 * CVE-2024-46706 * CVE-2024-46707 * CVE-2024-46709 * CVE-2024-46710 * CVE-2024-46711 * CVE-2024-46714 * CVE-2024-46715 * CVE-2024-46716 * CVE-2024-46717 * CVE-2024-46719 * CVE-2024-46720 * CVE-2024-46722 * CVE-2024-46723 * CVE-2024-46724 * CVE-2024-46725 * CVE-2024-46726 * CVE-2024-46727 * CVE-2024-46728 * CVE-2024-46729 * CVE-2024-46730 * CVE-2024-46731 * CVE-2024-46732 * CVE-2024-46734 * CVE-2024-46735 * CVE-2024-46737 * CVE-2024-46738 * CVE-2024-46739 * CVE-2024-46741 * CVE-2024-46743 * CVE-2024-46744 * CVE-2024-46745 * CVE-2024-46746 * CVE-2024-46747 * CVE-2024-46749 * CVE-2024-46750 * CVE-2024-46751 * CVE-2024-46752 * CVE-2024-46753 * CVE-2024-46755 * CVE-2024-46756 * CVE-2024-46757 * CVE-2024-46758 * CVE-2024-46759 * CVE-2024-46760 * CVE-2024-46761 * CVE-2024-46767 * CVE-2024-46771 * CVE-2024-46772 * CVE-2024-46773 * CVE-2024-46774 * CVE-2024-46776 * CVE-2024-46778 * CVE-2024-46780 * CVE-2024-46781 * CVE-2024-46783 * CVE-2024-46784 * CVE-2024-46786 * CVE-2024-46787 * CVE-2024-46791 * CVE-2024-46794 * CVE-2024-46797 * CVE-2024-46798 * CVE-2024-46822 CVSS scores: * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52916 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36953 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40965 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-42252 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42252 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42252 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43832 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43886 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * 
CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43904 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43904 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44960 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-44960 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N * CVE-2024-44960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44961 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-44961 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44961 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44962 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-44962 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44962 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44972 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44984 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-44986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44991 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44997 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45002 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45002 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45005 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45012 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45012 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45017 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45018 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45019 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45023 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45023 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45030 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46672 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46672 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46687 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46687 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46691 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46693 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46706 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46709 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46709 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46710 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46711 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46711 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46716 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-46717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46719 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46729 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46734 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46734 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46735 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2024-46735 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46735 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46741 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-46741 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46741 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46747 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46749 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46749 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46749 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46757 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46757 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46757 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46760 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46760 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-46797 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46797 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46798 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Confidential Computing Module 15-SP6
* SUSE Linux Enterprise Server 15 SP6

An update that solves 147 vulnerabilities, contains two features and has 42 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 CoCo kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
* CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
* CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
* CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
* CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
* CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
* CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435).
* CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518).
* CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
* CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
* CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
* CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46727: Fixed NULL pointer dereference in resource_log_pipe_topology_update (bsc#1230707).
* CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
* CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).

The following non-security bugs were fixed:

* ABI: testing: fix admv8818 attr description (git-fixes).
* ACPI: CPPC: Add helper to get the highest performance value (stable-fixes).
* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* afs: Do not cross .backup mountpoint from backup volume (git-fixes).
* afs: Revert "afs: Hide silly-rename files from userspace" (git-fixes).
* ALSA: control: Apply sanity check of input values for user elements (stable-fixes).
* ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ALSA: hda: cs35l41: fix module autoloading (git-fixes).
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes).
* arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes).
* arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes).
* arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: signal: Fix some under-bracketed UAPI macros (git-fixes).
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ARM: 9406/1: Fix callchain_trace() return value (git-fixes).
* ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes).
* ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes).
* ASoC: cs42l42: Convert comma to semicolon (git-fixes).
* ASoC: intel: fix module autoloading (stable-fixes).
* ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoC: meson: Remove unused declartion in header file (git-fixes).
* ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: soc-ac97: Fix the incorrect description (git-fixes).
* ASoC: tas2781-i2c: Get the right GPIO line (git-fixes).
* ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes).
* ASoC: tda7419: fix module autoloading (stable-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes).
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes).
* Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* bpf, events: Use prog to emit ksymbol event for main program (git-fixes).
* bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes).
* btrfs: fix race between direct IO write and fsync when using same fd (git-fixes).
* btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854).
* bus: integrator-lm: fix OF node leak in probe() (git-fixes).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes).
* can: m_can: enable NAPI before enabling interrupts (git-fixes).
* can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes).
* can: mcp251xfd: clarify the meaning of timestamp (stable-fixes).
* can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes).
* can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes).
* can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes).
* can: mcp251xfd: properly indent labels (stable-fixes).
* can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
* can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes).
* clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
* clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
* clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes).
* clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes).
* cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes).
* cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: iaa - Fix potential use after free bug (git-fixes).
* crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* cxl/core: Fix incorrect vendor debug UUID define (git-fixes).
* cxl/pci: Fix to record only non-zero ranges (git-fixes).
* Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962).
* devres: Initialize an uninitialized struct member (stable-fixes).
* dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes).
* Documentation: ioctl: document 0x07 ioctl code (git-fixes).
* driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes).
* driver core: Fix error handling in driver API device_rename() (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drm/amd: Add gfx12 swizzle mode defs (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes).
* drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes).
* drm/amd/display: Defer handling mst up request in resume (stable-fixes).
* drm/amd/display: Disable error correction if it's not supported (stable-fixes).
* drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes).
* drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes).
* drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes).
* drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes).
* drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
* drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
* drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes).
* drm/amdgpu: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: Fix get each xcp macro (git-fixes).
* drm/amdgpu: Fix smatch static checker warning (stable-fixes).
* drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes).
* drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
* drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes).
* drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
* drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
* drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
* drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
* drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes).
* drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes).
* drm/msm/a5xx: disable preemption in submits by default (git-fixes).
* drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
* drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
* drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
* drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
* drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes).
* drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
* drm/msm: fix %s null argument error (git-fixes).
* drm/nouveau/fb: restore init() for ramgp102 (git-fixes).
* drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes).
* drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
* drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
* drm/radeon: properly handle vbios fake edid sizing (git-fixes).
* drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
* drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
* drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes).
* drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes).
* drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes).
* drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
* drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes).
* drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes).
* Drop soundwire patch that caused a regression (bsc#1230350)
* ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes).
* erofs: fix incorrect symlink detection in fast symlink (git-fixes).
* exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
* fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
* firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes).
* firmware_loader: Block path traversal (git-fixes).
* firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
* fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602).
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* HID: multitouch: Add support for GT7868Q (stable-fixes).
* HID: wacom: Do not warn about dropped packets for first packet (git-fixes).
* HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes).
* hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes).
* hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
* hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
* hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes).
* hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
* hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
* hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
* hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
* i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes).
* i2c: isch: Add missed 'else' (git-fixes).
* i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
* i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes).
* i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* iio: adc: ad7606: fix oversampling gpio array (git-fixes).
* iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
* iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
* iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
* Input: adp5588-keys - fix check on return code (git-fixes).
* Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
* Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes).
* Input: tsc2004/5 - fix reset handling on probe (git-fixes).
* Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
* kABI workaround for cros_ec stuff (git-fixes).
* KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes).
* kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes).
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* KVM: arm64: Block unsafe FF-A calls from the host (git-fixes).
* KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes).
* KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes).
* KVM: arm64: Do not re-initialize the KVM lock (git-fixes).
* KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
* KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes).
* KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes).
* KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
* KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
* KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
* KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
* KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes).
* leds: spi-byte: Call of_node_put() on error path (stable-fixes).
* lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes).
* lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
* mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
* mailbox: rockchip: fix a typo in module autoloading (git-fixes).
* media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes).
* media: ov5675: Fix power on/off delay timings (git-fixes).
* media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes).
* media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
* media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes).
* media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
* media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
* media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
* media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
* media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
* media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
* memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes).
* memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes).
* minmax: reduce min/max macro expansion in atomisp driver (git-fixes).
* module: Fix KCOV-ignored file name (git-fixes).
* Move fixes into sorted section (bsc#1230119)
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
* mtd: slram: insert break after errors in parsing the map (git-fixes).
* net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes).
* net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
* nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* nilfs2: determine empty node blocks as corrupted (git-fixes).
* nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
* nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
* nvme: clear caller pointer on identify failure (git-fixes).
* nvme: fix namespace removal list (git-fixes).
* nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244).
* nvme-multipath: system fails to create generic nvme device (bsc#1228244).
* nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
* nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
* nvme-pci: allocate tagset on reset if necessary (git-fixes).
* nvme-tcp: fix link failure for TCP auth (git-fixes).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
* nvmet-tcp: do not continue for invalid icreq (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet-trace: avoid dereferencing pointer too early (git-fixes).
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
* PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes).
* PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes).
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* pcmcia: Use resource_size function on resource object (stable-fixes).
* perf annotate: Introduce global annotation_options (git-fixes).
* perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes).
* perf annotate: Use global annotation_options (git-fixes).
* perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes).
* perf/core: Fix missing wakeup when waiting for context reference (git-fixes).
* perf: Fix default aux_watermark calculation (git-fixes).
* perf: Fix event leak upon exit (git-fixes).
* perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes).
* perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes).
* perf intel-pt: Fix exclude_guest setting (git-fixes).
* perf machine thread: Remove exited threads by default (git-fixes).
* perf maps: Move symbol maps functions to maps.c (git-fixes).
* perf pmu: Assume sysfs events are always the same case (git-fixes).
* perf pmus: Fixes always false when compare duplicates aliases (git-fixes).
* perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes).
* perf record: Lazy load kernel symbols (git-fixes).
* perf report: Convert to the global annotation_options (git-fixes).
* perf report: Fix condition in sort__sym_cmp() (git-fixes).
* perf: script: add raw|disasm arguments to --insn-trace option (git-fixes).
* perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes).
* perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes).
* perf tool: fix dereferencing NULL al->maps (git-fixes).
* perf tools: Add/use PMU reverse lookup from config to name (git-fixes).
* perf tools: Use pmus to describe type from attribute (git-fixes).
* perf top: Convert to the global annotation_options (git-fixes).
* perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes).
* perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes).
* perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes).
* perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes).
* perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes).
* perf/x86/intel: Factor out the initialization code for SPR (git fixes).
* perf/x86/intel: Limit the period on Haswell (git-fixes).
* perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes).
* perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes).
* perf/x86/intel/pt: Fix topa_entry base length (git-fixes).
* perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes).
* perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119).
* perf/x86/intel: Use the common uarch name for the shared functions (git fixes).
* perf/x86: Serialize set_attr_rdpmc() (git-fixes).
* perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119).
* perf/x86/uncore: Cleanup unused unit structure (bsc#1230119).
* perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119).
* perf/x86/uncore: Save the unit control address of all units (bsc#1230119).
* perf/x86/uncore: Support per PMU cpumask (bsc#1230119).
* phy: zynqmp: Take the phy mutex in xlate (stable-fixes).
* pinctrl: at91: make it work with current gpiolib (stable-fixes).
* pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes).
* pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes).
* platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
* platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes).
* platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
* platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
* platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes).
* power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
* power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
* power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
* power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
* r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/erdma: Return QP state in erdma_query_qp (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes)
* RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes)
* RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes)
* RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes)
* RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes)
* RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes)
* RDMA/mlx5: Obtain upper net device only when needed (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes).
* regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes).
* regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes).
* regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes).
* regulator: rt5120: Convert comma to semicolon (git-fixes).
* regulator: wm831x-isink: Convert comma to semicolon (git-fixes).
* remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes).
* remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes).
* remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes).
* reset: berlin: fix OF node leak in probe() error path (git-fixes).
* reset: k210: fix OF node leak in probe() error path (git-fixes).
* resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
* Revert "mm/sparsemem: fix race in accessing memory_section->usage"
* Revert "mm/sparsemem: fix race in accessing memory_section->usage"
* Revert "PCI: Extend ACS configurability (bsc#1228090)." (bsc#1229019)
* rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
* s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564).
* s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694).
* s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes).
* s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562).
* s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563).
* scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes).
* scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes).
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899).
* scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
* selftests: lib: remove strscpy test (git-fixes).
* soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes).
* soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes).
* spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes).
* spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: bcm63xx: Enable module autoloading (stable-fixes).
* spi: bcm63xx: Fix module autoloading (git-fixes).
* spi: meson-spicc: convert comma to semicolon (git-fixes).
* spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
* spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
* spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
* spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
* spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes).
* spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
* spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
* Squashfs: sanity check symbolic link size (git-fixes).
* supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035)
* thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes).
* thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes).
* thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes).
* thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes).
* tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
* tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load (git-fixes).
* tpm: Clean up TPM space after command failure (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
* usb: cdnsp: Fix incorrect usb_request status (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
* usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes).
* usbnet: ipheth: add CDC NCM support (git-fixes).
* usbnet: ipheth: do not stop RX on failing RX callback (git-fixes).
* usbnet: ipheth: drop RX URBs with no payload (git-fixes).
* usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes).
* usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes).
* usbnet: ipheth: race between ipheth_close and error handling (stable-fixes).
* usbnet: ipheth: remove extraneous rx URB length check (git-fixes).
* usbnet: ipheth: transmit URBs without trailing padding (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
* usb: uas: set host status byte on data completion error (stable-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
* virtio_net: Fix napi_skb_cache_put warning (git-fixes).
* virtio-net: synchronize probe with ndo_set_features (git-fixes).
* watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
* wifi: ath12k: fix BSS chan info request WMI command (git-fixes).
* wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes).
* wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes).
* wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes).
* wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes).
* wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
* wifi: brcmfmac: introducing fwil query functions (git-fixes).
* wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
* wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes).
* wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
* wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
* wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
* wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
* wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
* wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
* wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes).
* wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes).
* wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes).
* wifi: mac80211: fix the comeback long retry times (git-fixes).
* wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes).
* wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
* wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes).
* wifi: mt76: mt7603: fix mixed declarations and code (git-fixes).
* wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes).
* wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
* wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes).
* wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes).
* wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes).
* wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes).
* wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes).
* wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes).
* wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes).
* wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes).
* wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes).
* wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes).
* wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
* wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
* wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
* wifi: rtw88: remove CPT execution branch never used (git-fixes).
* wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes).
* wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes).
* wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
* x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
* x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443).
* x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
* x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
* xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
* xen: allow mapping ACPI data using a different physical address (bsc#1226003).
* xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
* xen: move checks for e820 conflicts further up (bsc#1226003).
* xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
* xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
* xen/swiotlb: fix allocated size (git-fixes).
* xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Confidential Computing Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Confidential-Computing-15-SP6-2024-3553=1

## Package List:

* Confidential Computing Module 15-SP6 (nosrc x86_64)
  * kernel-coco-6.4.0-15061.6.coco15sp6.1
  * kernel-coco_debug-6.4.0-15061.6.coco15sp6.1
* Confidential Computing Module 15-SP6 (x86_64)
  * kernel-coco-debugsource-6.4.0-15061.6.coco15sp6.1
  * kernel-coco_debug-debuginfo-6.4.0-15061.6.coco15sp6.1
  * kernel-coco_debug-devel-6.4.0-15061.6.coco15sp6.1
  * kernel-coco_debug-debugsource-6.4.0-15061.6.coco15sp6.1
  * kernel-coco-devel-6.4.0-15061.6.coco15sp6.1
  * kernel-coco-vdso-debuginfo-6.4.0-15061.6.coco15sp6.1
  * reiserfs-kmp-coco-6.4.0-15061.6.coco15sp6.1
  * kernel-coco-debuginfo-6.4.0-15061.6.coco15sp6.1
  * kernel-coco_debug-devel-debuginfo-6.4.0-15061.6.coco15sp6.1
  * reiserfs-kmp-coco-debuginfo-6.4.0-15061.6.coco15sp6.1
  * kernel-syms-coco-6.4.0-15061.6.coco15sp6.1
* Confidential Computing Module 15-SP6 (noarch)
  * kernel-source-coco-6.4.0-15061.6.coco15sp6.1
  * kernel-devel-coco-6.4.0-15061.6.coco15sp6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52915.html
* https://www.suse.com/security/cve/CVE-2023-52916.html
* https://www.suse.com/security/cve/CVE-2024-26759.html
* https://www.suse.com/security/cve/CVE-2024-26804.html
* https://www.suse.com/security/cve/CVE-2024-36953.html
* https://www.suse.com/security/cve/CVE-2024-38538.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-40965.html
* https://www.suse.com/security/cve/CVE-2024-40973.html
* https://www.suse.com/security/cve/CVE-2024-40983.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42252.html
* https://www.suse.com/security/cve/CVE-2024-43832.html
* https://www.suse.com/security/cve/CVE-2024-43835.html
* https://www.suse.com/security/cve/CVE-2024-43870.html
* https://www.suse.com/security/cve/CVE-2024-43886.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43904.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44947.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44960.html
* https://www.suse.com/security/cve/CVE-2024-44961.html
* https://www.suse.com/security/cve/CVE-2024-44962.html
* https://www.suse.com/security/cve/CVE-2024-44965.html
* https://www.suse.com/security/cve/CVE-2024-44967.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44970.html
* https://www.suse.com/security/cve/CVE-2024-44971.html
* https://www.suse.com/security/cve/CVE-2024-44972.html
* https://www.suse.com/security/cve/CVE-2024-44977.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44984.html
* https://www.suse.com/security/cve/CVE-2024-44986.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44988.html
* https://www.suse.com/security/cve/CVE-2024-44989.html
* https://www.suse.com/security/cve/CVE-2024-44990.html
* https://www.suse.com/security/cve/CVE-2024-44991.html
* https://www.suse.com/security/cve/CVE-2024-44997.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45000.html
* https://www.suse.com/security/cve/CVE-2024-45001.html
* https://www.suse.com/security/cve/CVE-2024-45002.html
* https://www.suse.com/security/cve/CVE-2024-45005.html
* https://www.suse.com/security/cve/CVE-2024-45006.html
* https://www.suse.com/security/cve/CVE-2024-45007.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-45011.html
* https://www.suse.com/security/cve/CVE-2024-45012.html
* https://www.suse.com/security/cve/CVE-2024-45013.html
* https://www.suse.com/security/cve/CVE-2024-45015.html
* https://www.suse.com/security/cve/CVE-2024-45017.html
* https://www.suse.com/security/cve/CVE-2024-45018.html
* https://www.suse.com/security/cve/CVE-2024-45019.html
* https://www.suse.com/security/cve/CVE-2024-45020.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-45022.html
* https://www.suse.com/security/cve/CVE-2024-45023.html
* https://www.suse.com/security/cve/CVE-2024-45026.html
* https://www.suse.com/security/cve/CVE-2024-45028.html
* https://www.suse.com/security/cve/CVE-2024-45029.html
* https://www.suse.com/security/cve/CVE-2024-45030.html
* https://www.suse.com/security/cve/CVE-2024-46672.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46674.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46687.html
* https://www.suse.com/security/cve/CVE-2024-46689.html
* https://www.suse.com/security/cve/CVE-2024-46691.html
* https://www.suse.com/security/cve/CVE-2024-46692.html
* https://www.suse.com/security/cve/CVE-2024-46693.html
* https://www.suse.com/security/cve/CVE-2024-46694.html
* https://www.suse.com/security/cve/CVE-2024-46695.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46706.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46709.html
* https://www.suse.com/security/cve/CVE-2024-46710.html
* https://www.suse.com/security/cve/CVE-2024-46711.html
* https://www.suse.com/security/cve/CVE-2024-46714.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46716.html
* https://www.suse.com/security/cve/CVE-2024-46717.html
* https://www.suse.com/security/cve/CVE-2024-46719.html
* https://www.suse.com/security/cve/CVE-2024-46720.html
* https://www.suse.com/security/cve/CVE-2024-46722.html
* https://www.suse.com/security/cve/CVE-2024-46723.html
* https://www.suse.com/security/cve/CVE-2024-46724.html
* https://www.suse.com/security/cve/CVE-2024-46725.html
* https://www.suse.com/security/cve/CVE-2024-46726.html
* https://www.suse.com/security/cve/CVE-2024-46727.html
* https://www.suse.com/security/cve/CVE-2024-46728.html
* https://www.suse.com/security/cve/CVE-2024-46729.html
* https://www.suse.com/security/cve/CVE-2024-46730.html
* https://www.suse.com/security/cve/CVE-2024-46731.html
* https://www.suse.com/security/cve/CVE-2024-46732.html
* https://www.suse.com/security/cve/CVE-2024-46734.html
* https://www.suse.com/security/cve/CVE-2024-46735.html
* https://www.suse.com/security/cve/CVE-2024-46737.html
* https://www.suse.com/security/cve/CVE-2024-46738.html
* https://www.suse.com/security/cve/CVE-2024-46739.html
* https://www.suse.com/security/cve/CVE-2024-46741.html
* https://www.suse.com/security/cve/CVE-2024-46743.html
* https://www.suse.com/security/cve/CVE-2024-46744.html
* https://www.suse.com/security/cve/CVE-2024-46745.html
* https://www.suse.com/security/cve/CVE-2024-46746.html
* https://www.suse.com/security/cve/CVE-2024-46747.html
* https://www.suse.com/security/cve/CVE-2024-46749.html
* https://www.suse.com/security/cve/CVE-2024-46750.html
* https://www.suse.com/security/cve/CVE-2024-46751.html
* https://www.suse.com/security/cve/CVE-2024-46752.html
* https://www.suse.com/security/cve/CVE-2024-46753.html
* https://www.suse.com/security/cve/CVE-2024-46755.html
* https://www.suse.com/security/cve/CVE-2024-46756.html
* https://www.suse.com/security/cve/CVE-2024-46757.html
* https://www.suse.com/security/cve/CVE-2024-46758.html
* https://www.suse.com/security/cve/CVE-2024-46759.html
* https://www.suse.com/security/cve/CVE-2024-46760.html
* https://www.suse.com/security/cve/CVE-2024-46761.html
* https://www.suse.com/security/cve/CVE-2024-46767.html
* https://www.suse.com/security/cve/CVE-2024-46771.html
* https://www.suse.com/security/cve/CVE-2024-46772.html
* https://www.suse.com/security/cve/CVE-2024-46773.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://www.suse.com/security/cve/CVE-2024-46776.html
* https://www.suse.com/security/cve/CVE-2024-46778.html
* https://www.suse.com/security/cve/CVE-2024-46780.html
* https://www.suse.com/security/cve/CVE-2024-46781.html
* https://www.suse.com/security/cve/CVE-2024-46783.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2024-46786.html
* https://www.suse.com/security/cve/CVE-2024-46787.html
* https://www.suse.com/security/cve/CVE-2024-46791.html
* https://www.suse.com/security/cve/CVE-2024-46794.html
* https://www.suse.com/security/cve/CVE-2024-46797.html
* https://www.suse.com/security/cve/CVE-2024-46798.html
* https://www.suse.com/security/cve/CVE-2024-46822.html
* https://bugzilla.suse.com/show_bug.cgi?id=1012628
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1220382
* https://bugzilla.suse.com/show_bug.cgi?id=1222629
* https://bugzilla.suse.com/show_bug.cgi?id=1223600
* https://bugzilla.suse.com/show_bug.cgi?id=1223848
* https://bugzilla.suse.com/show_bug.cgi?id=1225487
* https://bugzilla.suse.com/show_bug.cgi?id=1225812
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1226003
* https://bugzilla.suse.com/show_bug.cgi?id=1226507
* https://bugzilla.suse.com/show_bug.cgi?id=1226606
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1226860
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227694
* https://bugzilla.suse.com/show_bug.cgi?id=1227819
* https://bugzilla.suse.com/show_bug.cgi?id=1227885
* https://bugzilla.suse.com/show_bug.cgi?id=1227890
* https://bugzilla.suse.com/show_bug.cgi?id=1227962
* https://bugzilla.suse.com/show_bug.cgi?id=1228090
* https://bugzilla.suse.com/show_bug.cgi?id=1228140
* https://bugzilla.suse.com/show_bug.cgi?id=1228244
* https://bugzilla.suse.com/show_bug.cgi?id=1228507
* https://bugzilla.suse.com/show_bug.cgi?id=1228771
* https://bugzilla.suse.com/show_bug.cgi?id=1229004
* https://bugzilla.suse.com/show_bug.cgi?id=1229019
* https://bugzilla.suse.com/show_bug.cgi?id=1229086
* https://bugzilla.suse.com/show_bug.cgi?id=1229167
* https://bugzilla.suse.com/show_bug.cgi?id=1229169
* https://bugzilla.suse.com/show_bug.cgi?id=1229289
* https://bugzilla.suse.com/show_bug.cgi?id=1229380
* https://bugzilla.suse.com/show_bug.cgi?id=1229429
* https://bugzilla.suse.com/show_bug.cgi?id=1229443
* https://bugzilla.suse.com/show_bug.cgi?id=1229452
* https://bugzilla.suse.com/show_bug.cgi?id=1229455
* https://bugzilla.suse.com/show_bug.cgi?id=1229456
* https://bugzilla.suse.com/show_bug.cgi?id=1229494
* https://bugzilla.suse.com/show_bug.cgi?id=1229585
* https://bugzilla.suse.com/show_bug.cgi?id=1229748
* https://bugzilla.suse.com/show_bug.cgi?id=1229764
* https://bugzilla.suse.com/show_bug.cgi?id=1229768
* https://bugzilla.suse.com/show_bug.cgi?id=1229790
* https://bugzilla.suse.com/show_bug.cgi?id=1229928
* https://bugzilla.suse.com/show_bug.cgi?id=1230015
* https://bugzilla.suse.com/show_bug.cgi?id=1230119
* https://bugzilla.suse.com/show_bug.cgi?id=1230169
* https://bugzilla.suse.com/show_bug.cgi?id=1230170
* https://bugzilla.suse.com/show_bug.cgi?id=1230173
* https://bugzilla.suse.com/show_bug.cgi?id=1230174
* https://bugzilla.suse.com/show_bug.cgi?id=1230175
* https://bugzilla.suse.com/show_bug.cgi?id=1230176
* https://bugzilla.suse.com/show_bug.cgi?id=1230178
* https://bugzilla.suse.com/show_bug.cgi?id=1230185
* https://bugzilla.suse.com/show_bug.cgi?id=1230191
* https://bugzilla.suse.com/show_bug.cgi?id=1230192
* https://bugzilla.suse.com/show_bug.cgi?id=1230193
* https://bugzilla.suse.com/show_bug.cgi?id=1230194
* https://bugzilla.suse.com/show_bug.cgi?id=1230195
* https://bugzilla.suse.com/show_bug.cgi?id=1230200
* https://bugzilla.suse.com/show_bug.cgi?id=1230204
* https://bugzilla.suse.com/show_bug.cgi?id=1230206
* https://bugzilla.suse.com/show_bug.cgi?id=1230207
* https://bugzilla.suse.com/show_bug.cgi?id=1230209
* https://bugzilla.suse.com/show_bug.cgi?id=1230211
* https://bugzilla.suse.com/show_bug.cgi?id=1230212
* https://bugzilla.suse.com/show_bug.cgi?id=1230213
* https://bugzilla.suse.com/show_bug.cgi?id=1230217
* https://bugzilla.suse.com/show_bug.cgi?id=1230221
* https://bugzilla.suse.com/show_bug.cgi?id=1230224
* https://bugzilla.suse.com/show_bug.cgi?id=1230230
* https://bugzilla.suse.com/show_bug.cgi?id=1230232
* https://bugzilla.suse.com/show_bug.cgi?id=1230233
* https://bugzilla.suse.com/show_bug.cgi?id=1230240
* https://bugzilla.suse.com/show_bug.cgi?id=1230244
* https://bugzilla.suse.com/show_bug.cgi?id=1230247
* https://bugzilla.suse.com/show_bug.cgi?id=1230248
* https://bugzilla.suse.com/show_bug.cgi?id=1230269
* https://bugzilla.suse.com/show_bug.cgi?id=1230270
* https://bugzilla.suse.com/show_bug.cgi?id=1230295
* https://bugzilla.suse.com/show_bug.cgi?id=1230340
* https://bugzilla.suse.com/show_bug.cgi?id=1230350
* https://bugzilla.suse.com/show_bug.cgi?id=1230413
* https://bugzilla.suse.com/show_bug.cgi?id=1230426
* https://bugzilla.suse.com/show_bug.cgi?id=1230430
* https://bugzilla.suse.com/show_bug.cgi?id=1230431
* https://bugzilla.suse.com/show_bug.cgi?id=1230432
* https://bugzilla.suse.com/show_bug.cgi?id=1230433
* https://bugzilla.suse.com/show_bug.cgi?id=1230434
* https://bugzilla.suse.com/show_bug.cgi?id=1230435
* https://bugzilla.suse.com/show_bug.cgi?id=1230440
* https://bugzilla.suse.com/show_bug.cgi?id=1230441
* https://bugzilla.suse.com/show_bug.cgi?id=1230442
* https://bugzilla.suse.com/show_bug.cgi?id=1230444
* https://bugzilla.suse.com/show_bug.cgi?id=1230450
* https://bugzilla.suse.com/show_bug.cgi?id=1230451
* https://bugzilla.suse.com/show_bug.cgi?id=1230454
* https://bugzilla.suse.com/show_bug.cgi?id=1230455
* https://bugzilla.suse.com/show_bug.cgi?id=1230457
* https://bugzilla.suse.com/show_bug.cgi?id=1230459
* https://bugzilla.suse.com/show_bug.cgi?id=1230506
* https://bugzilla.suse.com/show_bug.cgi?id=1230507
* https://bugzilla.suse.com/show_bug.cgi?id=1230511
* https://bugzilla.suse.com/show_bug.cgi?id=1230515
* https://bugzilla.suse.com/show_bug.cgi?id=1230517
* https://bugzilla.suse.com/show_bug.cgi?id=1230518
* https://bugzilla.suse.com/show_bug.cgi?id=1230519
* https://bugzilla.suse.com/show_bug.cgi?id=1230520
* https://bugzilla.suse.com/show_bug.cgi?id=1230521
* https://bugzilla.suse.com/show_bug.cgi?id=1230524
* https://bugzilla.suse.com/show_bug.cgi?id=1230526
* https://bugzilla.suse.com/show_bug.cgi?id=1230533
* https://bugzilla.suse.com/show_bug.cgi?id=1230535
* https://bugzilla.suse.com/show_bug.cgi?id=1230539
* https://bugzilla.suse.com/show_bug.cgi?id=1230540
* https://bugzilla.suse.com/show_bug.cgi?id=1230542
* https://bugzilla.suse.com/show_bug.cgi?id=1230549
* https://bugzilla.suse.com/show_bug.cgi?id=1230556
* https://bugzilla.suse.com/show_bug.cgi?id=1230562
* https://bugzilla.suse.com/show_bug.cgi?id=1230563
* https://bugzilla.suse.com/show_bug.cgi?id=1230564
* https://bugzilla.suse.com/show_bug.cgi?id=1230580
* https://bugzilla.suse.com/show_bug.cgi?id=1230582
* https://bugzilla.suse.com/show_bug.cgi?id=1230589
* https://bugzilla.suse.com/show_bug.cgi?id=1230602
* https://bugzilla.suse.com/show_bug.cgi?id=1230699
* https://bugzilla.suse.com/show_bug.cgi?id=1230700
* https://bugzilla.suse.com/show_bug.cgi?id=1230701
* https://bugzilla.suse.com/show_bug.cgi?id=1230702
* https://bugzilla.suse.com/show_bug.cgi?id=1230703
* https://bugzilla.suse.com/show_bug.cgi?id=1230704
* https://bugzilla.suse.com/show_bug.cgi?id=1230705
* https://bugzilla.suse.com/show_bug.cgi?id=1230706
* https://bugzilla.suse.com/show_bug.cgi?id=1230707
* https://bugzilla.suse.com/show_bug.cgi?id=1230709
* https://bugzilla.suse.com/show_bug.cgi?id=1230711
* https://bugzilla.suse.com/show_bug.cgi?id=1230712
* https://bugzilla.suse.com/show_bug.cgi?id=1230715
* https://bugzilla.suse.com/show_bug.cgi?id=1230719
* https://bugzilla.suse.com/show_bug.cgi?id=1230722
* https://bugzilla.suse.com/show_bug.cgi?id=1230724
* https://bugzilla.suse.com/show_bug.cgi?id=1230725
* https://bugzilla.suse.com/show_bug.cgi?id=1230726
* https://bugzilla.suse.com/show_bug.cgi?id=1230727
* https://bugzilla.suse.com/show_bug.cgi?id=1230730
* https://bugzilla.suse.com/show_bug.cgi?id=1230731
* https://bugzilla.suse.com/show_bug.cgi?id=1230732
* https://bugzilla.suse.com/show_bug.cgi?id=1230747
* https://bugzilla.suse.com/show_bug.cgi?id=1230748
* https://bugzilla.suse.com/show_bug.cgi?id=1230749
* https://bugzilla.suse.com/show_bug.cgi?id=1230751
* https://bugzilla.suse.com/show_bug.cgi?id=1230752
* https://bugzilla.suse.com/show_bug.cgi?id=1230753
* https://bugzilla.suse.com/show_bug.cgi?id=1230756
* https://bugzilla.suse.com/show_bug.cgi?id=1230761
* https://bugzilla.suse.com/show_bug.cgi?id=1230766
* https://bugzilla.suse.com/show_bug.cgi?id=1230767
* https://bugzilla.suse.com/show_bug.cgi?id=1230768
* https://bugzilla.suse.com/show_bug.cgi?id=1230771
* https://bugzilla.suse.com/show_bug.cgi?id=1230772
* https://bugzilla.suse.com/show_bug.cgi?id=1230775
* https://bugzilla.suse.com/show_bug.cgi?id=1230776
* https://bugzilla.suse.com/show_bug.cgi?id=1230780
* https://bugzilla.suse.com/show_bug.cgi?id=1230783
* https://bugzilla.suse.com/show_bug.cgi?id=1230786
* https://bugzilla.suse.com/show_bug.cgi?id=1230787
* https://bugzilla.suse.com/show_bug.cgi?id=1230791
* https://bugzilla.suse.com/show_bug.cgi?id=1230794
* https://bugzilla.suse.com/show_bug.cgi?id=1230796
* https://bugzilla.suse.com/show_bug.cgi?id=1230802
* https://bugzilla.suse.com/show_bug.cgi?id=1230806
* https://bugzilla.suse.com/show_bug.cgi?id=1230808
* https://bugzilla.suse.com/show_bug.cgi?id=1230809
* https://bugzilla.suse.com/show_bug.cgi?id=1230810
* https://bugzilla.suse.com/show_bug.cgi?id=1230812
* https://bugzilla.suse.com/show_bug.cgi?id=1230813
* https://bugzilla.suse.com/show_bug.cgi?id=1230814
* https://bugzilla.suse.com/show_bug.cgi?id=1230815
* https://bugzilla.suse.com/show_bug.cgi?id=1230821
* https://bugzilla.suse.com/show_bug.cgi?id=1230825
* https://bugzilla.suse.com/show_bug.cgi?id=1230830
* https://bugzilla.suse.com/show_bug.cgi?id=1230831
* https://bugzilla.suse.com/show_bug.cgi?id=1230854
* https://bugzilla.suse.com/show_bug.cgi?id=1230948
* https://bugzilla.suse.com/show_bug.cgi?id=1231008
* https://bugzilla.suse.com/show_bug.cgi?id=1231035
* https://bugzilla.suse.com/show_bug.cgi?id=1231120
* https://bugzilla.suse.com/show_bug.cgi?id=1231146
* https://jira.suse.com/browse/PED-10954
* https://jira.suse.com/browse/PED-9899
From null at suse.de Tue Oct 8 16:32:28 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:32:28 -0000
Subject: SUSE-SU-2024:3552-1: moderate: Security update for pgadmin4
Message-ID: <172840514833.4252.13457702107982014550@smelt2.prg2.suse.org>

# Security update for pgadmin4

Announcement ID: SUSE-SU-2024:3552-1
Release Date: 2024-10-08T15:04:35Z
Rating: moderate

References:

* bsc#1223868

Cross-References:

* CVE-2024-4216

CVSS scores:

* CVE-2024-4216 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* Python 3 Module 15-SP6
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for pgadmin4 fixes the following issues:

* CVE-2024-4216: Fixed XSS in /settings/store endpoint (bsc#1223868)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3552=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3552=1
* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3552=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3552=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * pgadmin4-debuginfo-4.30-150300.3.15.1
  * pgadmin4-4.30-150300.3.15.1
* openSUSE Leap 15.3 (noarch)
  * pgadmin4-doc-4.30-150300.3.15.1
  * pgadmin4-web-4.30-150300.3.15.1
  * pgadmin4-web-uwsgi-4.30-150300.3.15.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * pgadmin4-debuginfo-4.30-150300.3.15.1
  * pgadmin4-4.30-150300.3.15.1
* openSUSE Leap 15.5 (noarch)
  * pgadmin4-doc-4.30-150300.3.15.1
  * pgadmin4-web-4.30-150300.3.15.1
  * pgadmin4-web-uwsgi-4.30-150300.3.15.1
* Python 3 Module 15-SP6 (noarch)
  * pgadmin4-doc-4.30-150300.3.15.1
  * pgadmin4-web-4.30-150300.3.15.1
* Python 3 Module 15-SP6 (s390x)
  * pgadmin4-debuginfo-4.30-150300.3.15.1
  * pgadmin4-4.30-150300.3.15.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * pgadmin4-debuginfo-4.30-150300.3.15.1
  * pgadmin4-4.30-150300.3.15.1
* Server Applications Module 15-SP5 (noarch)
  * pgadmin4-doc-4.30-150300.3.15.1
  * pgadmin4-web-4.30-150300.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-4216.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223868
From null at suse.de Tue Oct 8 16:35:00 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:00 -0000
Subject: SUSE-SU-2024:3551-1: important: Security update for the Linux Kernel
Message-ID: <172840530029.4252.13432685430625703192@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3551-1
Release Date: 2024-10-08T15:03:18Z
Rating: important

References:

* bsc#1012628 * bsc#1183045 * bsc#1215199 * bsc#1216223 * bsc#1216776 * bsc#1220382 * bsc#1221527 * bsc#1221610 * bsc#1221650 * bsc#1222629 * bsc#1223600 * bsc#1223848 * bsc#1225487 * bsc#1225812 * bsc#1225903 * bsc#1226003 * bsc#1226507 * bsc#1226606 * bsc#1226666 * bsc#1226846 * bsc#1226860 * bsc#1227487 * bsc#1227694 * bsc#1227726 * bsc#1227819 * bsc#1227885 * bsc#1227890 * bsc#1227962 * bsc#1228090 * bsc#1228140 * bsc#1228244 * bsc#1228507 * bsc#1228771 * bsc#1229001 * bsc#1229004 * bsc#1229019 * bsc#1229086 * bsc#1229167 * bsc#1229169 * bsc#1229289 * bsc#1229334 * bsc#1229362 * bsc#1229363 * bsc#1229364 * bsc#1229371 * bsc#1229380 * bsc#1229389 * bsc#1229394 * bsc#1229429 * bsc#1229443 * bsc#1229452 * bsc#1229455 * bsc#1229456 * bsc#1229494 * bsc#1229585 * bsc#1229753 * bsc#1229764 * bsc#1229768 * bsc#1229790 * bsc#1229810 * bsc#1229899 * bsc#1229928 * bsc#1230015 * bsc#1230119 * bsc#1230123 * bsc#1230124 * bsc#1230125 * bsc#1230169 * bsc#1230170 * bsc#1230171 * bsc#1230173 * bsc#1230174 * bsc#1230175 * bsc#1230176 * bsc#1230178 * bsc#1230180 * bsc#1230181 * bsc#1230185 * bsc#1230191 * bsc#1230192 * bsc#1230193 * bsc#1230194 * bsc#1230195 * bsc#1230200 * bsc#1230204 * bsc#1230206 * bsc#1230207 * bsc#1230209 * bsc#1230211 * bsc#1230213 * bsc#1230217 * bsc#1230221 * bsc#1230224 * bsc#1230230 * bsc#1230232 * bsc#1230233 * bsc#1230240 * bsc#1230244 * bsc#1230245 * bsc#1230247 * bsc#1230248 * bsc#1230269 * bsc#1230270 * bsc#1230295 * bsc#1230340 * bsc#1230350 * bsc#1230413 * bsc#1230426 * bsc#1230430 * bsc#1230431 * bsc#1230432 * bsc#1230433 *
bsc#1230434 * bsc#1230435 * bsc#1230440 * bsc#1230441 * bsc#1230442 * bsc#1230444 * bsc#1230450 * bsc#1230451 * bsc#1230454 * bsc#1230455 * bsc#1230457 * bsc#1230459 * bsc#1230506 * bsc#1230507 * bsc#1230511 * bsc#1230515 * bsc#1230517 * bsc#1230518 * bsc#1230519 * bsc#1230520 * bsc#1230521 * bsc#1230524 * bsc#1230526 * bsc#1230533 * bsc#1230535 * bsc#1230539 * bsc#1230540 * bsc#1230549 * bsc#1230556 * bsc#1230562 * bsc#1230563 * bsc#1230564 * bsc#1230580 * bsc#1230582 * bsc#1230589 * bsc#1230602 * bsc#1230699 * bsc#1230700 * bsc#1230701 * bsc#1230702 * bsc#1230703 * bsc#1230704 * bsc#1230705 * bsc#1230706 * bsc#1230709 * bsc#1230711 * bsc#1230712 * bsc#1230715 * bsc#1230719 * bsc#1230722 * bsc#1230724 * bsc#1230725 * bsc#1230726 * bsc#1230727 * bsc#1230730 * bsc#1230731 * bsc#1230732 * bsc#1230747 * bsc#1230748 * bsc#1230749 * bsc#1230751 * bsc#1230752 * bsc#1230753 * bsc#1230756 * bsc#1230761 * bsc#1230766 * bsc#1230767 * bsc#1230768 * bsc#1230771 * bsc#1230772 * bsc#1230775 * bsc#1230776 * bsc#1230780 * bsc#1230783 * bsc#1230786 * bsc#1230787 * bsc#1230791 * bsc#1230794 * bsc#1230796 * bsc#1230802 * bsc#1230806 * bsc#1230808 * bsc#1230809 * bsc#1230810 * bsc#1230812 * bsc#1230813 * bsc#1230814 * bsc#1230815 * bsc#1230821 * bsc#1230825 * bsc#1230830 * bsc#1230831 * bsc#1230854 * bsc#1230948 * bsc#1231008 * bsc#1231035 * bsc#1231120 * bsc#1231146 * bsc#1231182 * bsc#1231183 * jsc#PED-10954 * jsc#PED-9899 Cross-References: * CVE-2023-52610 * CVE-2023-52752 * CVE-2023-52915 * CVE-2023-52916 * CVE-2024-26640 * CVE-2024-26759 * CVE-2024-26804 * CVE-2024-36953 * CVE-2024-38538 * CVE-2024-38596 * CVE-2024-38632 * CVE-2024-40965 * CVE-2024-40973 * CVE-2024-40983 * CVE-2024-42154 * CVE-2024-42243 * CVE-2024-42252 * CVE-2024-42265 * CVE-2024-42294 * CVE-2024-42304 * CVE-2024-42305 * CVE-2024-42306 * CVE-2024-43828 * CVE-2024-43832 * CVE-2024-43835 * CVE-2024-43845 * CVE-2024-43870 * CVE-2024-43890 * CVE-2024-43898 * CVE-2024-43904 * CVE-2024-43914 * CVE-2024-44935 * 
CVE-2024-44944 * CVE-2024-44946 * CVE-2024-44947 * CVE-2024-44948 * CVE-2024-44950 * CVE-2024-44951 * CVE-2024-44952 * CVE-2024-44954 * CVE-2024-44960 * CVE-2024-44961 * CVE-2024-44962 * CVE-2024-44965 * CVE-2024-44967 * CVE-2024-44969 * CVE-2024-44970 * CVE-2024-44971 * CVE-2024-44977 * CVE-2024-44982 * CVE-2024-44984 * CVE-2024-44985 * CVE-2024-44986 * CVE-2024-44987 * CVE-2024-44988 * CVE-2024-44989 * CVE-2024-44990 * CVE-2024-44991 * CVE-2024-44997 * CVE-2024-44998 * CVE-2024-44999 * CVE-2024-45000 * CVE-2024-45001 * CVE-2024-45002 * CVE-2024-45003 * CVE-2024-45005 * CVE-2024-45006 * CVE-2024-45007 * CVE-2024-45008 * CVE-2024-45011 * CVE-2024-45012 * CVE-2024-45013 * CVE-2024-45015 * CVE-2024-45017 * CVE-2024-45018 * CVE-2024-45019 * CVE-2024-45020 * CVE-2024-45021 * CVE-2024-45022 * CVE-2024-45023 * CVE-2024-45026 * CVE-2024-45028 * CVE-2024-45029 * CVE-2024-45030 * CVE-2024-46672 * CVE-2024-46673 * CVE-2024-46674 * CVE-2024-46675 * CVE-2024-46676 * CVE-2024-46677 * CVE-2024-46679 * CVE-2024-46685 * CVE-2024-46686 * CVE-2024-46687 * CVE-2024-46689 * CVE-2024-46691 * CVE-2024-46692 * CVE-2024-46693 * CVE-2024-46694 * CVE-2024-46695 * CVE-2024-46702 * CVE-2024-46706 * CVE-2024-46707 * CVE-2024-46709 * CVE-2024-46710 * CVE-2024-46714 * CVE-2024-46715 * CVE-2024-46716 * CVE-2024-46717 * CVE-2024-46719 * CVE-2024-46720 * CVE-2024-46722 * CVE-2024-46723 * CVE-2024-46724 * CVE-2024-46725 * CVE-2024-46726 * CVE-2024-46728 * CVE-2024-46729 * CVE-2024-46730 * CVE-2024-46731 * CVE-2024-46732 * CVE-2024-46734 * CVE-2024-46735 * CVE-2024-46737 * CVE-2024-46738 * CVE-2024-46739 * CVE-2024-46741 * CVE-2024-46743 * CVE-2024-46744 * CVE-2024-46745 * CVE-2024-46746 * CVE-2024-46747 * CVE-2024-46749 * CVE-2024-46750 * CVE-2024-46751 * CVE-2024-46752 * CVE-2024-46753 * CVE-2024-46755 * CVE-2024-46756 * CVE-2024-46757 * CVE-2024-46758 * CVE-2024-46759 * CVE-2024-46760 * CVE-2024-46761 * CVE-2024-46767 * CVE-2024-46771 * CVE-2024-46772 * CVE-2024-46773 * CVE-2024-46774 * 
CVE-2024-46776 * CVE-2024-46778 * CVE-2024-46780 * CVE-2024-46781 * CVE-2024-46783 * CVE-2024-46784 * CVE-2024-46786 * CVE-2024-46787 * CVE-2024-46791 * CVE-2024-46794 * CVE-2024-46797 * CVE-2024-46798 * CVE-2024-46822 CVSS scores: * CVE-2023-52610 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36953 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40965 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * 
CVE-2024-42243 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42243 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42243 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42252 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42252 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42252 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-42294 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42294 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43832 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43845 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43904 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43904 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44960 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-44960 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N * CVE-2024-44960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44961 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-44961 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44961 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44962 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-44962 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44962 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44984 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-44985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44985 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( NVD ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44997 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45002 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45002 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45005 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45012 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45012 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45017 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45019 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45023 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45023 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45030 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46672 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46672 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46687 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46687 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46691 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46693 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46706 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46709 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46709 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46710 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46716 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-46717 ( SUSE ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46719 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46729 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46734 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46734 ( SUSE 
): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46735 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46735 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46735 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46741 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-46741 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46741 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46749 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46749 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46749 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46757 ( SUSE ): 1.8 
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46757 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46757 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46760 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46760 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-46797 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46797 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46798 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 162 vulnerabilities, contains two features and has 50 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). * CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). * CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). * CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). * CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). * CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). * CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). * CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). * CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). * CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). * CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). * CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). * CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). * CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). 
* CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371).
* CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
* CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
* CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
* CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
* CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435).
* CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518).
* CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
* CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
* CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
* CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
* CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).

The following non-security bugs were fixed:

* ABI: testing: fix admv8818 attr description (git-fixes).
* ACPI: CPPC: Add helper to get the highest performance value (stable-fixes).
* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes).
* ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes).
* ALSA: control: Apply sanity check of input values for user elements (stable-fixes).
* ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
* ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes).
* ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes).
* ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
* ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes).
* ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes).
* ALSA: hda: cs35l41: fix module autoloading (git-fixes).
* ARM: 9406/1: Fix callchain_trace() return value (git-fixes).
* ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes).
* ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes).
* ASoC: cs42l42: Convert comma to semicolon (git-fixes).
* ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
* ASoC: intel: fix module autoloading (stable-fixes).
* ASoC: meson: Remove unused declartion in header file (git-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: soc-ac97: Fix the incorrect description (git-fixes).
* ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
* ASoC: tas2781-i2c: Get the right GPIO line (git-fixes).
* ASoC: tda7419: fix module autoloading (stable-fixes).
* ASoC: tegra: Fix CBB error during probe() (git-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
* ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes).
* Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
* Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes).
* Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962).
* Documentation: ioctl: document 0x07 ioctl code (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* Drop soundwire patch that caused a regression (bsc#1230350)
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* HID: multitouch: Add support for GT7868Q (stable-fixes).
* HID: wacom: Do not warn about dropped packets for first packet (git-fixes).
* HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* Input: adp5588-keys - fix check on return code (git-fixes).
* Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
* Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
* Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes).
* Input: tsc2004/5 - fix reset handling on probe (git-fixes).
* Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes).
* KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
* KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
* KVM: arm64: Block unsafe FF-A calls from the host (git-fixes).
* KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes).
* KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes).
* KVM: arm64: Do not re-initialize the KVM lock (git-fixes).
* KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
* KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes).
* KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
* KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes).
* KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
* KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes).
* Move fixes into sorted section (bsc#1230119)
* Move s390 kabi patch into the kabi section
* NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
* NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
* NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes).
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes).
* PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
* RDMA/erdma: Return QP state in erdma_query_qp (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes)
* RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes)
* RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes)
* RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes)
* RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes)
* RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes)
* RDMA/mlx5: Obtain upper net device only when needed (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
* Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (git-fixes).
* Revert "PCI: Extend ACS configurability (bsc#1228090)." (bsc#1229019)
* Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" (stable-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "mm, kmsan: fix infinite recursion due to RCU critical section" (bsc#1230413)
* Revert "mm/sparsemem: fix race in accessing memory_section->usage" (bsc#1230413)
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()" (bsc#1230413)
* Split kabi part of dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
* Squashfs: sanity check symbolic link size (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (stable-fixes).
* USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
* afs: Do not cross .backup mountpoint from backup volume (git-fixes).
* afs: Revert "afs: Hide silly-rename files from userspace" (git-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes).
* arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes).
* arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes).
* arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
* arm64: signal: Fix some under-bracketed UAPI macros (git-fixes).
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes).
* ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes).
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* bpf, events: Use prog to emit ksymbol event for main program (git-fixes).
* bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes).
* btrfs: fix race between direct IO write and fsync when using same fd (git-fixes).
* btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854).
* bus: integrator-lm: fix OF node leak in probe() (git-fixes).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008).
* cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: bcm: Remove proc entry when dev is unregistered (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes).
* can: m_can: Release irq on error in m_can_open (git-fixes).
* can: m_can: enable NAPI before enabling interrupts (git-fixes).
* can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes).
* can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
* can: mcp251xfd: clarify the meaning of timestamp (stable-fixes).
* can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes).
* can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes).
* can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes).
* can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes).
* can: mcp251xfd: properly indent labels (stable-fixes).
* can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
* can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182).
* clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
* clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
* clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
* clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
* clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes).
* clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes).
* clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes).
* clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes).
* clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes).
* clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes).
* clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes).
* clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes).
* cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes).
* cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes).
* cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes).
* crypto: iaa - Fix potential use after free bug (git-fixes).
* crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* cxl/core: Fix incorrect vendor debug UUID define (git-fixes).
* cxl/pci: Fix to record only non-zero ranges (git-fixes).
* devres: Initialize an uninitialized struct member (stable-fixes).
* dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes).
* dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes).
* dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes).
* dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes).
* driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes).
* driver core: Fix error handling in driver API device_rename() (git-fixes).
* driver: iio: add missing checks on iio_info's callback access (stable-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
* drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes).
* drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes).
* drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
* drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes).
* drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes).
* drm/amd/display: Check BIOS images before it is used (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check gpio_id before used as array index (stable-fixes).
* drm/amd/display: Check index for aux_rd_interval before using (stable-fixes).
* drm/amd/display: Check msg_id before processing transcation (stable-fixes).
* drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
* drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
* drm/amd/display: Defer handling mst up request in resume (stable-fixes).
* drm/amd/display: Disable error correction if it's not supported (stable-fixes).
* drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes).
* drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes).
* drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes).
* drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes).
* drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes).
* drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes).
* drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes).
* drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes).
* drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes).
* drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes).
* drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes).
* drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
* drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
* drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes).
* drm/amd/display: Spinlock before reading event (stable-fixes).
* drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
* drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes).
* drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
* drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes).
* drm/amd/display: use preferred link settings for dp signal only (stable-fixes).
* drm/amd/pm: Fix negative array index read (stable-fixes).
* drm/amd/pm: check negtive return for table entries (stable-fixes).
* drm/amd/pm: check specific index for aldebaran (stable-fixes).
* drm/amd/pm: check specific index for smu13 (stable-fixes).
* drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
* drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
* drm/amd: Add gfx12 swizzle mode defs (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes).
* drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
* drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
* drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes).
* drm/amdgpu: Fix get each xcp macro (git-fixes).
* drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
* drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
* drm/amdgpu: Fix smatch static checker warning (stable-fixes).
* drm/amdgpu: Fix the uninitialized variable warning (stable-fixes).
* drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes).
* drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes).
* drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
* drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes).
* drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes).
* drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes).
* drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes).
* drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes).
* drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
* drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
* drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
* drm/amdgpu: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes).
* drm/amdgpu: fix dereference after null check (stable-fixes).
* drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
* drm/amdgpu: fix overflowed array index read warning (stable-fixes).
* drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes).
* drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
* drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
* drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
* drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes).
* drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
* drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes).
* drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
* drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
* drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes).
* drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes).
* drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
* drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
* drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
* drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes).
* drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes).
* drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes).
* drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
* drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
* drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
* drm/i915: Do not attempt to load the GSC multiple times (git-fixes).
* drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes).
* drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes).
* drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes).
* drm/meson: plane: Add error handling (stable-fixes).
* drm/msm/a5xx: disable preemption in submits by default (git-fixes).
* drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
* drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
* drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
* drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
* drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes).
* drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
* drm/msm: fix %s null argument error (git-fixes).
* drm/nouveau/fb: restore init() for ramgp102 (git-fixes).
* drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
* drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
* drm/radeon: properly handle vbios fake edid sizing (git-fixes).
* drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
* drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
* drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes).
* drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes).
* drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes).
* drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
* drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes).
* drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes).
* drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
* drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
* ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes).
* erofs: fix incorrect symlink detection in fast symlink (git-fixes).
* exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
* fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
* firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes).
* firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
* firmware_loader: Block path traversal (git-fixes).
* fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602).
* fuse: fix memory leak in fuse_create_open (bsc#1230124).
* fuse: update stats for pages in dropped aux writeback list (bsc#1230125).
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123).
* gpio: modepin: Enable module autoloading (git-fixes).
* gpio: rockchip: fix OF node leak in probe() (git-fixes).
* hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes).
* hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes).
* hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
* hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
* hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes).
* hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
* hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
* hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
* hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
* i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
* i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes).
* i2c: isch: Add missed 'else' (git-fixes).
* i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
* i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes).
* i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
* iio: adc: ad7124: fix chip ID mismatch (git-fixes).
* iio: adc: ad7124: fix config comparison (git-fixes).
* iio: adc: ad7606: fix oversampling gpio array (git-fixes).
* iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
* iio: adc: ad7606: remove frstdata check for serial mode (git-fixes).
* iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
* iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
* iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
* iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* ipmi:ssif: Improve detecting during probing (bsc#1228771) Move patch into the sorted section.
* ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206)
* jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
* kABI workaround for cros_ec stuff (git-fixes).
* kABI: Split kABI out of 'io_uring/kbuf: get rid of bl->is_ready'
* kABI: Split kABI out of 'io_uring: Re-add dummy_ubuf for kABI purposes'
* kABI: Split kABI out of io_uring/kbuf: protect io_buffer_list teardown with a reference
* kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
* kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes).
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* leds: spi-byte: Call of_node_put() on error path (stable-fixes).
* lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes).
* lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
* mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
* mailbox: rockchip: fix a typo in module autoloading (git-fixes).
* media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes).
* media: ov5675: Fix power on/off delay timings (git-fixes).
* media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes).
* media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
* media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes).
* media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
* media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
* media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
* media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
* media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
* media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
* media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
* memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes).
* memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes).
* minmax: reduce min/max macro expansion in atomisp driver (git-fixes).
* misc: fastrpc: Fix double free of 'buf' in error path (git-fixes).
* mmc: core: apply SD quirks earlier during probe (git-fixes).
* mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
* mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
* mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
* module: Fix KCOV-ignored file name (git-fixes).
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
* mtd: slram: insert break after errors in parsing the map (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: phy: Fix missing of_node_put() for leds (git-fixes).
* net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes).
* net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
* net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes).
* nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
* nilfs2: determine empty node blocks as corrupted (git-fixes).
* nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
* nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
* nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
* nilfs2: fix state management in error path of log writing function (git-fixes).
* nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
* nouveau: fix the fwsec sb verification register (git-fixes).
* nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244).
* nvme-multipath: system fails to create generic nvme device (bsc#1228244).
* nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
* nvme-pci: allocate tagset on reset if necessary (git-fixes).
* nvme-tcp: fix link failure for TCP auth (git-fixes).
* nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
* nvme: clear caller pointer on identify failure (git-fixes).
* nvme: fix namespace removal list (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
* nvmet-tcp: do not continue for invalid icreq (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet-trace: avoid dereferencing pointer too early (git-fixes).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
* pcmcia: Use resource_size function on resource object (stable-fixes).
* perf annotate: Introduce global annotation_options (git-fixes).
* perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes).
* perf annotate: Use global annotation_options (git-fixes).
* perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes).
* perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes).
* perf intel-pt: Fix exclude_guest setting (git-fixes).
* perf machine thread: Remove exited threads by default (git-fixes).
* perf maps: Move symbol maps functions to maps.c (git-fixes).
* perf pmu: Assume sysfs events are always the same case (git-fixes).
* perf pmus: Fixes always false when compare duplicates aliases (git-fixes).
* perf record: Lazy load kernel symbols (git-fixes).
* perf report: Convert to the global annotation_options (git-fixes).
* perf report: Fix condition in sort__sym_cmp() (git-fixes).
* perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes).
* perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes).
* perf tool: fix dereferencing NULL al->maps (git-fixes).
* perf tools: Add/use PMU reverse lookup from config to name (git-fixes).
* perf tools: Use pmus to describe type from attribute (git-fixes).
* perf top: Convert to the global annotation_options (git-fixes).
* perf/core: Fix missing wakeup when waiting for context reference (git-fixes).
* perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes).
* perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes).
* perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes).
* perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes).
* perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes).
* perf/x86/intel/pt: Fix topa_entry base length (git-fixes).
* perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes).
* perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119).
* perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes).
* perf/x86/intel: Factor out the initialization code for SPR (git fixes).
* perf/x86/intel: Limit the period on Haswell (git-fixes).
* perf/x86/intel: Use the common uarch name for the shared functions (git fixes).
* perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119).
* perf/x86/uncore: Cleanup unused unit structure (bsc#1230119).
* perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119).
* perf/x86/uncore: Save the unit control address of all units (bsc#1230119).
* perf/x86/uncore: Support per PMU cpumask (bsc#1230119).
* perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes).
* perf/x86: Serialize set_attr_rdpmc() (git-fixes).
* perf: Fix default aux_watermark calculation (git-fixes).
* perf: Fix event leak upon exit (git-fixes).
* perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes).
* perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes).
* perf: script: add raw|disasm arguments to --insn-trace option (git-fixes).
* phy: zynqmp: Take the phy mutex in xlate (stable-fixes).
* pinctrl: at91: make it work with current gpiolib (stable-fixes).
* pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes).
* pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
* platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes).
* platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes).
* platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
* platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
* platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
* platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
* platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
* power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
* power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
* power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
* powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes).
* powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656).
* pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes).
* r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
* regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes).
* regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes).
* regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes).
* regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes).
* regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes).
* regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes).
* regulator: rt5120: Convert comma to semicolon (git-fixes).
* regulator: wm831x-isink: Convert comma to semicolon (git-fixes).
* remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes).
* remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes).
* remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes).
* reset: berlin: fix OF node leak in probe() error path (git-fixes).
* reset: k210: fix OF node leak in probe() error path (git-fixes).
* resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes).
* rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
* rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
* s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694).
* s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes).
* s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562).
* s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563).
* s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564).
* scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes).
* scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes).
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899).
* scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
* selftests: lib: remove strscpy test (git-fixes).
* selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes).
* soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes).
* soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes).
* spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes).
* spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: bcm63xx: Enable module autoloading (stable-fixes).
* spi: bcm63xx: Fix module autoloading (git-fixes).
* spi: meson-spicc: convert comma to semicolon (git-fixes).
* spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
* spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
* spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
* spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes).
* spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
* spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes).
* spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
* staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
* supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035)
* thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes).
* thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes).
* thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes).
* thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes).
* tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
* tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load (git-fixes).
* tpm: Clean up TPM space after command failure (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usb: cdnsp: Fix incorrect usb_request status (git-fixes).
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
* usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
* usb: dwc3: Avoid waking up gadget during startxfer (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
* usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes).
* usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
* usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes).
* usb: uas: set host status byte on data completion error (stable-fixes).
* usbip: Do not submit special requests twice (stable-fixes).
* usbnet: ipheth: add CDC NCM support (git-fixes).
* usbnet: ipheth: do not stop RX on failing RX callback (git-fixes).
* usbnet: ipheth: drop RX URBs with no payload (git-fixes).
* usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes).
* usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes).
* usbnet: ipheth: race between ipheth_close and error handling (stable-fixes).
* usbnet: ipheth: remove extraneous rx URB length check (git-fixes).
* usbnet: ipheth: transmit URBs without trailing padding (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).
* virtio-net: synchronize probe with ndo_set_features (git-fixes).
* virtio_net: Fix napi_skb_cache_put warning (git-fixes).
* virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
* watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
* wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes).
* wifi: ath12k: fix BSS chan info request WMI command (git-fixes).
* wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes).
* wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes).
* wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes).
* wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes).
* wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes).
* wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes).
* wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
* wifi: brcmfmac: introducing fwil query functions (git-fixes).
* wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
* wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
* wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes).
* wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
* wifi: cfg80211: make hash table duplicates more survivable (stable-fixes).
* wifi: cfg80211: restrict operation during radar detection (stable-fixes).
* wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
* wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
* wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
* wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
* wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes).
* wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes).
* wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes).
* wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes).
* wifi: mac80211: fix the comeback long retry times (git-fixes).
* wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes).
* wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
* wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes).
* wifi: mt76: mt7603: fix mixed declarations and code (git-fixes).
* wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes).
* wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
* wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes).
* wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes).
* wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes).
* wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes).
* wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes).
* wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes).
* wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes).
* wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes).
* wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes).
* wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes).
* wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
* wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
* wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
* wifi: rtw88: remove CPT execution branch never used (git-fixes).
* wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes).
* wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes).
* wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes).
* wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
* x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
* x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443).
* x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
* x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
* x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527).
* x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527).
* x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527).
* x86/pat: Restructure _lookup_address_cpa() (bsc#1221527).
* xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
* xen/swiotlb: fix allocated size (git-fixes).
* xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
* xen: allow mapping ACPI data using a different physical address (bsc#1226003).
* xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
* xen: move checks for e820 conflicts further up (bsc#1226003).
* xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
* xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2024-3551=1 SUSE-2024-3551=1
* Public Cloud Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2024-3551=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
  * cluster-md-kmp-azure-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-debuginfo-6.4.0-150600.8.14.1
  * kernel-syms-azure-6.4.0-150600.8.14.1
  * ocfs2-kmp-azure-6.4.0-150600.8.14.1
  * reiserfs-kmp-azure-6.4.0-150600.8.14.1
  * dlm-kmp-azure-debuginfo-6.4.0-150600.8.14.1
  * ocfs2-kmp-azure-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-optional-debuginfo-6.4.0-150600.8.14.1
  * cluster-md-kmp-azure-6.4.0-150600.8.14.1
  * kernel-azure-extra-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-optional-6.4.0-150600.8.14.1
  * kernel-azure-extra-6.4.0-150600.8.14.1
  * gfs2-kmp-azure-debuginfo-6.4.0-150600.8.14.1
  * dlm-kmp-azure-6.4.0-150600.8.14.1
  * kernel-azure-livepatch-devel-6.4.0-150600.8.14.1
  * kselftests-kmp-azure-6.4.0-150600.8.14.1
  * kselftests-kmp-azure-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-devel-6.4.0-150600.8.14.1
  * kernel-azure-devel-debuginfo-6.4.0-150600.8.14.1
  * gfs2-kmp-azure-6.4.0-150600.8.14.1
  * kernel-azure-debugsource-6.4.0-150600.8.14.1
  * reiserfs-kmp-azure-debuginfo-6.4.0-150600.8.14.1
* openSUSE Leap 15.6 (aarch64 nosrc x86_64)
  * kernel-azure-6.4.0-150600.8.14.1
* openSUSE Leap 15.6 (x86_64)
  * kernel-azure-vdso-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-vdso-6.4.0-150600.8.14.1
* openSUSE Leap 15.6 (noarch)
  * kernel-devel-azure-6.4.0-150600.8.14.1
  * kernel-source-azure-6.4.0-150600.8.14.1
* Public Cloud Module 15-SP6 (aarch64 nosrc x86_64)
  * kernel-azure-6.4.0-150600.8.14.1
* Public Cloud Module 15-SP6 (aarch64 x86_64)
  * kernel-azure-devel-6.4.0-150600.8.14.1
  * kernel-azure-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-devel-debuginfo-6.4.0-150600.8.14.1
  * kernel-azure-debugsource-6.4.0-150600.8.14.1
  * kernel-syms-azure-6.4.0-150600.8.14.1
* Public Cloud Module 15-SP6 (noarch)
  * kernel-devel-azure-6.4.0-150600.8.14.1
  * kernel-source-azure-6.4.0-150600.8.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52610.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52915.html
* https://www.suse.com/security/cve/CVE-2023-52916.html
* https://www.suse.com/security/cve/CVE-2024-26640.html
* https://www.suse.com/security/cve/CVE-2024-26759.html
* https://www.suse.com/security/cve/CVE-2024-26804.html
* https://www.suse.com/security/cve/CVE-2024-36953.html
* https://www.suse.com/security/cve/CVE-2024-38538.html
* https://www.suse.com/security/cve/CVE-2024-38596.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-40965.html
* https://www.suse.com/security/cve/CVE-2024-40973.html
* https://www.suse.com/security/cve/CVE-2024-40983.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42243.html
* https://www.suse.com/security/cve/CVE-2024-42252.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-42294.html
* https://www.suse.com/security/cve/CVE-2024-42304.html
* https://www.suse.com/security/cve/CVE-2024-42305.html
* https://www.suse.com/security/cve/CVE-2024-42306.html
* https://www.suse.com/security/cve/CVE-2024-43828.html
* https://www.suse.com/security/cve/CVE-2024-43832.html
* https://www.suse.com/security/cve/CVE-2024-43835.html
* https://www.suse.com/security/cve/CVE-2024-43845.html
* https://www.suse.com/security/cve/CVE-2024-43870.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43898.html
* https://www.suse.com/security/cve/CVE-2024-43904.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44935.html
* https://www.suse.com/security/cve/CVE-2024-44944.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44947.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44950.html
* https://www.suse.com/security/cve/CVE-2024-44951.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44960.html
* https://www.suse.com/security/cve/CVE-2024-44961.html
* https://www.suse.com/security/cve/CVE-2024-44962.html
* https://www.suse.com/security/cve/CVE-2024-44965.html
* https://www.suse.com/security/cve/CVE-2024-44967.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44970.html
* https://www.suse.com/security/cve/CVE-2024-44971.html
* https://www.suse.com/security/cve/CVE-2024-44977.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44984.html
* https://www.suse.com/security/cve/CVE-2024-44985.html
* https://www.suse.com/security/cve/CVE-2024-44986.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44988.html
* https://www.suse.com/security/cve/CVE-2024-44989.html
* https://www.suse.com/security/cve/CVE-2024-44990.html
* https://www.suse.com/security/cve/CVE-2024-44991.html
* https://www.suse.com/security/cve/CVE-2024-44997.html
* https://www.suse.com/security/cve/CVE-2024-44998.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45000.html
* https://www.suse.com/security/cve/CVE-2024-45001.html
* https://www.suse.com/security/cve/CVE-2024-45002.html
* https://www.suse.com/security/cve/CVE-2024-45003.html
* https://www.suse.com/security/cve/CVE-2024-45005.html
* https://www.suse.com/security/cve/CVE-2024-45006.html
* https://www.suse.com/security/cve/CVE-2024-45007.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-45011.html
* https://www.suse.com/security/cve/CVE-2024-45012.html
* https://www.suse.com/security/cve/CVE-2024-45013.html
* https://www.suse.com/security/cve/CVE-2024-45015.html
* https://www.suse.com/security/cve/CVE-2024-45017.html
* https://www.suse.com/security/cve/CVE-2024-45018.html
* https://www.suse.com/security/cve/CVE-2024-45019.html
* https://www.suse.com/security/cve/CVE-2024-45020.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-45022.html
* https://www.suse.com/security/cve/CVE-2024-45023.html
* https://www.suse.com/security/cve/CVE-2024-45026.html
* https://www.suse.com/security/cve/CVE-2024-45028.html
* https://www.suse.com/security/cve/CVE-2024-45029.html
* https://www.suse.com/security/cve/CVE-2024-45030.html
* https://www.suse.com/security/cve/CVE-2024-46672.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46674.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46687.html
* https://www.suse.com/security/cve/CVE-2024-46689.html
* https://www.suse.com/security/cve/CVE-2024-46691.html
* https://www.suse.com/security/cve/CVE-2024-46692.html
* https://www.suse.com/security/cve/CVE-2024-46693.html
* https://www.suse.com/security/cve/CVE-2024-46694.html
* https://www.suse.com/security/cve/CVE-2024-46695.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46706.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46709.html
* https://www.suse.com/security/cve/CVE-2024-46710.html
* https://www.suse.com/security/cve/CVE-2024-46714.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46716.html
* https://www.suse.com/security/cve/CVE-2024-46717.html
* https://www.suse.com/security/cve/CVE-2024-46719.html
* https://www.suse.com/security/cve/CVE-2024-46720.html
* https://www.suse.com/security/cve/CVE-2024-46722.html
* https://www.suse.com/security/cve/CVE-2024-46723.html
* https://www.suse.com/security/cve/CVE-2024-46724.html
* https://www.suse.com/security/cve/CVE-2024-46725.html
* https://www.suse.com/security/cve/CVE-2024-46726.html
* https://www.suse.com/security/cve/CVE-2024-46728.html
* https://www.suse.com/security/cve/CVE-2024-46729.html
* https://www.suse.com/security/cve/CVE-2024-46730.html
* https://www.suse.com/security/cve/CVE-2024-46731.html
* https://www.suse.com/security/cve/CVE-2024-46732.html
* https://www.suse.com/security/cve/CVE-2024-46734.html
* https://www.suse.com/security/cve/CVE-2024-46735.html
* https://www.suse.com/security/cve/CVE-2024-46737.html
* https://www.suse.com/security/cve/CVE-2024-46738.html
* https://www.suse.com/security/cve/CVE-2024-46739.html
* https://www.suse.com/security/cve/CVE-2024-46741.html
* https://www.suse.com/security/cve/CVE-2024-46743.html
* https://www.suse.com/security/cve/CVE-2024-46744.html
* https://www.suse.com/security/cve/CVE-2024-46745.html
* https://www.suse.com/security/cve/CVE-2024-46746.html
* https://www.suse.com/security/cve/CVE-2024-46747.html
* https://www.suse.com/security/cve/CVE-2024-46749.html
* https://www.suse.com/security/cve/CVE-2024-46750.html
* https://www.suse.com/security/cve/CVE-2024-46751.html
* https://www.suse.com/security/cve/CVE-2024-46752.html
* https://www.suse.com/security/cve/CVE-2024-46753.html
* https://www.suse.com/security/cve/CVE-2024-46755.html
* https://www.suse.com/security/cve/CVE-2024-46756.html
* https://www.suse.com/security/cve/CVE-2024-46757.html
* https://www.suse.com/security/cve/CVE-2024-46758.html
* https://www.suse.com/security/cve/CVE-2024-46759.html
* https://www.suse.com/security/cve/CVE-2024-46760.html
* https://www.suse.com/security/cve/CVE-2024-46761.html
* https://www.suse.com/security/cve/CVE-2024-46767.html
* https://www.suse.com/security/cve/CVE-2024-46771.html
* https://www.suse.com/security/cve/CVE-2024-46772.html
* https://www.suse.com/security/cve/CVE-2024-46773.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://www.suse.com/security/cve/CVE-2024-46776.html
* https://www.suse.com/security/cve/CVE-2024-46778.html
* https://www.suse.com/security/cve/CVE-2024-46780.html
* https://www.suse.com/security/cve/CVE-2024-46781.html
* https://www.suse.com/security/cve/CVE-2024-46783.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2024-46786.html
* https://www.suse.com/security/cve/CVE-2024-46787.html
* https://www.suse.com/security/cve/CVE-2024-46791.html
* https://www.suse.com/security/cve/CVE-2024-46794.html
* https://www.suse.com/security/cve/CVE-2024-46797.html
* https://www.suse.com/security/cve/CVE-2024-46798.html
* https://www.suse.com/security/cve/CVE-2024-46822.html
* https://bugzilla.suse.com/show_bug.cgi?id=1012628
* https://bugzilla.suse.com/show_bug.cgi?id=1183045
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1216776
* https://bugzilla.suse.com/show_bug.cgi?id=1220382
* https://bugzilla.suse.com/show_bug.cgi?id=1221527
* https://bugzilla.suse.com/show_bug.cgi?id=1221610
* https://bugzilla.suse.com/show_bug.cgi?id=1221650
* https://bugzilla.suse.com/show_bug.cgi?id=1222629
* https://bugzilla.suse.com/show_bug.cgi?id=1223600
* https://bugzilla.suse.com/show_bug.cgi?id=1223848
* 
https://bugzilla.suse.com/show_bug.cgi?id=1225487 * https://bugzilla.suse.com/show_bug.cgi?id=1225812 * https://bugzilla.suse.com/show_bug.cgi?id=1225903 * https://bugzilla.suse.com/show_bug.cgi?id=1226003 * https://bugzilla.suse.com/show_bug.cgi?id=1226507 * https://bugzilla.suse.com/show_bug.cgi?id=1226606 * https://bugzilla.suse.com/show_bug.cgi?id=1226666 * https://bugzilla.suse.com/show_bug.cgi?id=1226846 * https://bugzilla.suse.com/show_bug.cgi?id=1226860 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1227694 * https://bugzilla.suse.com/show_bug.cgi?id=1227726 * https://bugzilla.suse.com/show_bug.cgi?id=1227819 * https://bugzilla.suse.com/show_bug.cgi?id=1227885 * https://bugzilla.suse.com/show_bug.cgi?id=1227890 * https://bugzilla.suse.com/show_bug.cgi?id=1227962 * https://bugzilla.suse.com/show_bug.cgi?id=1228090 * https://bugzilla.suse.com/show_bug.cgi?id=1228140 * https://bugzilla.suse.com/show_bug.cgi?id=1228244 * https://bugzilla.suse.com/show_bug.cgi?id=1228507 * https://bugzilla.suse.com/show_bug.cgi?id=1228771 * https://bugzilla.suse.com/show_bug.cgi?id=1229001 * https://bugzilla.suse.com/show_bug.cgi?id=1229004 * https://bugzilla.suse.com/show_bug.cgi?id=1229019 * https://bugzilla.suse.com/show_bug.cgi?id=1229086 * https://bugzilla.suse.com/show_bug.cgi?id=1229167 * https://bugzilla.suse.com/show_bug.cgi?id=1229169 * https://bugzilla.suse.com/show_bug.cgi?id=1229289 * https://bugzilla.suse.com/show_bug.cgi?id=1229334 * https://bugzilla.suse.com/show_bug.cgi?id=1229362 * https://bugzilla.suse.com/show_bug.cgi?id=1229363 * https://bugzilla.suse.com/show_bug.cgi?id=1229364 * https://bugzilla.suse.com/show_bug.cgi?id=1229371 * https://bugzilla.suse.com/show_bug.cgi?id=1229380 * https://bugzilla.suse.com/show_bug.cgi?id=1229389 * https://bugzilla.suse.com/show_bug.cgi?id=1229394 * https://bugzilla.suse.com/show_bug.cgi?id=1229429 * https://bugzilla.suse.com/show_bug.cgi?id=1229443 * 
https://bugzilla.suse.com/show_bug.cgi?id=1229452 * https://bugzilla.suse.com/show_bug.cgi?id=1229455 * https://bugzilla.suse.com/show_bug.cgi?id=1229456 * https://bugzilla.suse.com/show_bug.cgi?id=1229494 * https://bugzilla.suse.com/show_bug.cgi?id=1229585 * https://bugzilla.suse.com/show_bug.cgi?id=1229753 * https://bugzilla.suse.com/show_bug.cgi?id=1229764 * https://bugzilla.suse.com/show_bug.cgi?id=1229768 * https://bugzilla.suse.com/show_bug.cgi?id=1229790 * https://bugzilla.suse.com/show_bug.cgi?id=1229810 * https://bugzilla.suse.com/show_bug.cgi?id=1229899 * https://bugzilla.suse.com/show_bug.cgi?id=1229928 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230119 * https://bugzilla.suse.com/show_bug.cgi?id=1230123 * https://bugzilla.suse.com/show_bug.cgi?id=1230124 * https://bugzilla.suse.com/show_bug.cgi?id=1230125 * https://bugzilla.suse.com/show_bug.cgi?id=1230169 * https://bugzilla.suse.com/show_bug.cgi?id=1230170 * https://bugzilla.suse.com/show_bug.cgi?id=1230171 * https://bugzilla.suse.com/show_bug.cgi?id=1230173 * https://bugzilla.suse.com/show_bug.cgi?id=1230174 * https://bugzilla.suse.com/show_bug.cgi?id=1230175 * https://bugzilla.suse.com/show_bug.cgi?id=1230176 * https://bugzilla.suse.com/show_bug.cgi?id=1230178 * https://bugzilla.suse.com/show_bug.cgi?id=1230180 * https://bugzilla.suse.com/show_bug.cgi?id=1230181 * https://bugzilla.suse.com/show_bug.cgi?id=1230185 * https://bugzilla.suse.com/show_bug.cgi?id=1230191 * https://bugzilla.suse.com/show_bug.cgi?id=1230192 * https://bugzilla.suse.com/show_bug.cgi?id=1230193 * https://bugzilla.suse.com/show_bug.cgi?id=1230194 * https://bugzilla.suse.com/show_bug.cgi?id=1230195 * https://bugzilla.suse.com/show_bug.cgi?id=1230200 * https://bugzilla.suse.com/show_bug.cgi?id=1230204 * https://bugzilla.suse.com/show_bug.cgi?id=1230206 * https://bugzilla.suse.com/show_bug.cgi?id=1230207 * https://bugzilla.suse.com/show_bug.cgi?id=1230209 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230211 * https://bugzilla.suse.com/show_bug.cgi?id=1230213 * https://bugzilla.suse.com/show_bug.cgi?id=1230217 * https://bugzilla.suse.com/show_bug.cgi?id=1230221 * https://bugzilla.suse.com/show_bug.cgi?id=1230224 * https://bugzilla.suse.com/show_bug.cgi?id=1230230 * https://bugzilla.suse.com/show_bug.cgi?id=1230232 * https://bugzilla.suse.com/show_bug.cgi?id=1230233 * https://bugzilla.suse.com/show_bug.cgi?id=1230240 * https://bugzilla.suse.com/show_bug.cgi?id=1230244 * https://bugzilla.suse.com/show_bug.cgi?id=1230245 * https://bugzilla.suse.com/show_bug.cgi?id=1230247 * https://bugzilla.suse.com/show_bug.cgi?id=1230248 * https://bugzilla.suse.com/show_bug.cgi?id=1230269 * https://bugzilla.suse.com/show_bug.cgi?id=1230270 * https://bugzilla.suse.com/show_bug.cgi?id=1230295 * https://bugzilla.suse.com/show_bug.cgi?id=1230340 * https://bugzilla.suse.com/show_bug.cgi?id=1230350 * https://bugzilla.suse.com/show_bug.cgi?id=1230413 * https://bugzilla.suse.com/show_bug.cgi?id=1230426 * https://bugzilla.suse.com/show_bug.cgi?id=1230430 * https://bugzilla.suse.com/show_bug.cgi?id=1230431 * https://bugzilla.suse.com/show_bug.cgi?id=1230432 * https://bugzilla.suse.com/show_bug.cgi?id=1230433 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230435 * https://bugzilla.suse.com/show_bug.cgi?id=1230440 * https://bugzilla.suse.com/show_bug.cgi?id=1230441 * https://bugzilla.suse.com/show_bug.cgi?id=1230442 * https://bugzilla.suse.com/show_bug.cgi?id=1230444 * https://bugzilla.suse.com/show_bug.cgi?id=1230450 * https://bugzilla.suse.com/show_bug.cgi?id=1230451 * https://bugzilla.suse.com/show_bug.cgi?id=1230454 * https://bugzilla.suse.com/show_bug.cgi?id=1230455 * https://bugzilla.suse.com/show_bug.cgi?id=1230457 * https://bugzilla.suse.com/show_bug.cgi?id=1230459 * https://bugzilla.suse.com/show_bug.cgi?id=1230506 * https://bugzilla.suse.com/show_bug.cgi?id=1230507 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230511 * https://bugzilla.suse.com/show_bug.cgi?id=1230515 * https://bugzilla.suse.com/show_bug.cgi?id=1230517 * https://bugzilla.suse.com/show_bug.cgi?id=1230518 * https://bugzilla.suse.com/show_bug.cgi?id=1230519 * https://bugzilla.suse.com/show_bug.cgi?id=1230520 * https://bugzilla.suse.com/show_bug.cgi?id=1230521 * https://bugzilla.suse.com/show_bug.cgi?id=1230524 * https://bugzilla.suse.com/show_bug.cgi?id=1230526 * https://bugzilla.suse.com/show_bug.cgi?id=1230533 * https://bugzilla.suse.com/show_bug.cgi?id=1230535 * https://bugzilla.suse.com/show_bug.cgi?id=1230539 * https://bugzilla.suse.com/show_bug.cgi?id=1230540 * https://bugzilla.suse.com/show_bug.cgi?id=1230549 * https://bugzilla.suse.com/show_bug.cgi?id=1230556 * https://bugzilla.suse.com/show_bug.cgi?id=1230562 * https://bugzilla.suse.com/show_bug.cgi?id=1230563 * https://bugzilla.suse.com/show_bug.cgi?id=1230564 * https://bugzilla.suse.com/show_bug.cgi?id=1230580 * https://bugzilla.suse.com/show_bug.cgi?id=1230582 * https://bugzilla.suse.com/show_bug.cgi?id=1230589 * https://bugzilla.suse.com/show_bug.cgi?id=1230602 * https://bugzilla.suse.com/show_bug.cgi?id=1230699 * https://bugzilla.suse.com/show_bug.cgi?id=1230700 * https://bugzilla.suse.com/show_bug.cgi?id=1230701 * https://bugzilla.suse.com/show_bug.cgi?id=1230702 * https://bugzilla.suse.com/show_bug.cgi?id=1230703 * https://bugzilla.suse.com/show_bug.cgi?id=1230704 * https://bugzilla.suse.com/show_bug.cgi?id=1230705 * https://bugzilla.suse.com/show_bug.cgi?id=1230706 * https://bugzilla.suse.com/show_bug.cgi?id=1230709 * https://bugzilla.suse.com/show_bug.cgi?id=1230711 * https://bugzilla.suse.com/show_bug.cgi?id=1230712 * https://bugzilla.suse.com/show_bug.cgi?id=1230715 * https://bugzilla.suse.com/show_bug.cgi?id=1230719 * https://bugzilla.suse.com/show_bug.cgi?id=1230722 * https://bugzilla.suse.com/show_bug.cgi?id=1230724 * https://bugzilla.suse.com/show_bug.cgi?id=1230725 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230726 * https://bugzilla.suse.com/show_bug.cgi?id=1230727 * https://bugzilla.suse.com/show_bug.cgi?id=1230730 * https://bugzilla.suse.com/show_bug.cgi?id=1230731 * https://bugzilla.suse.com/show_bug.cgi?id=1230732 * https://bugzilla.suse.com/show_bug.cgi?id=1230747 * https://bugzilla.suse.com/show_bug.cgi?id=1230748 * https://bugzilla.suse.com/show_bug.cgi?id=1230749 * https://bugzilla.suse.com/show_bug.cgi?id=1230751 * https://bugzilla.suse.com/show_bug.cgi?id=1230752 * https://bugzilla.suse.com/show_bug.cgi?id=1230753 * https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230766 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230768 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * https://bugzilla.suse.com/show_bug.cgi?id=1230772 * https://bugzilla.suse.com/show_bug.cgi?id=1230775 * https://bugzilla.suse.com/show_bug.cgi?id=1230776 * https://bugzilla.suse.com/show_bug.cgi?id=1230780 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230786 * https://bugzilla.suse.com/show_bug.cgi?id=1230787 * https://bugzilla.suse.com/show_bug.cgi?id=1230791 * https://bugzilla.suse.com/show_bug.cgi?id=1230794 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230802 * https://bugzilla.suse.com/show_bug.cgi?id=1230806 * https://bugzilla.suse.com/show_bug.cgi?id=1230808 * https://bugzilla.suse.com/show_bug.cgi?id=1230809 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230812 * https://bugzilla.suse.com/show_bug.cgi?id=1230813 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230821 * https://bugzilla.suse.com/show_bug.cgi?id=1230825 * 
From null at suse.de Tue Oct 8 16:35:10 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:10 -0000
Subject: SUSE-SU-2024:3550-1: moderate: Security update for podofo
Message-ID: <172840531031.4252.3132726029154860578@smelt2.prg2.suse.org>

# Security update for podofo

Announcement ID: SUSE-SU-2024:3550-1
Release Date: 2024-10-08T14:08:01Z
Rating: moderate

References:

  * bsc#1023072
  * bsc#1023190
  * bsc#1027776
  * bsc#1027779
  * bsc#1027785
  * bsc#1027786
  * bsc#1027787
  * bsc#1037000
  * bsc#1075322
  * bsc#1084894

Cross-References:

  * CVE-2015-8981
  * CVE-2017-6840
  * CVE-2017-6841
  * CVE-2017-6842
  * CVE-2017-6845
  * CVE-2017-6849
  * CVE-2017-8378
  * CVE-2018-5309
  * CVE-2018-8001

CVSS scores:

  * CVE-2017-6840 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2017-6841 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2017-6842 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2017-6845 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2017-6849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2017-6849 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2017-8378 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2017-8378 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2018-5309 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2018-5309 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2018-8001 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  * CVE-2018-8001 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.3
  * openSUSE Leap 15.5
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP5
  * SUSE Package Hub 15 15-SP6

An update that solves nine vulnerabilities and has one security fix can now be installed.

## Description:

This update for podofo fixes the following issues:

  * CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
  * CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
  * CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
  * CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
  * CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
  * CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
  * CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)
  * Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2024-3550=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-3550=1
  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2024-3550=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3550=1
  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3550=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * podofo-debugsource-0.9.6-150300.3.15.1
    * libpodofo0_9_6-0.9.6-150300.3.15.1
    * podofo-debuginfo-0.9.6-150300.3.15.1
    * libpodofo0_9_6-debuginfo-0.9.6-150300.3.15.1
    * podofo-0.9.6-150300.3.15.1
    * libpodofo-devel-0.9.6-150300.3.15.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * podofo-debugsource-0.9.6-150300.3.15.1
    * libpodofo0_9_6-0.9.6-150300.3.15.1
    * podofo-debuginfo-0.9.6-150300.3.15.1
    * libpodofo0_9_6-debuginfo-0.9.6-150300.3.15.1
    * podofo-0.9.6-150300.3.15.1
    * libpodofo-devel-0.9.6-150300.3.15.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * podofo-debugsource-0.9.6-150300.3.15.1
    * libpodofo0_9_6-0.9.6-150300.3.15.1
    * podofo-debuginfo-0.9.6-150300.3.15.1
    * libpodofo0_9_6-debuginfo-0.9.6-150300.3.15.1
    * podofo-0.9.6-150300.3.15.1
    * libpodofo-devel-0.9.6-150300.3.15.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * podofo-debugsource-0.9.6-150300.3.15.1
    * libpodofo0_9_6-0.9.6-150300.3.15.1
    * podofo-debuginfo-0.9.6-150300.3.15.1
    * libpodofo0_9_6-debuginfo-0.9.6-150300.3.15.1
    * podofo-0.9.6-150300.3.15.1
    * libpodofo-devel-0.9.6-150300.3.15.1
  * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
    * podofo-debugsource-0.9.6-150300.3.15.1
    * libpodofo0_9_6-0.9.6-150300.3.15.1
    * podofo-debuginfo-0.9.6-150300.3.15.1
    * libpodofo0_9_6-debuginfo-0.9.6-150300.3.15.1
    * podofo-0.9.6-150300.3.15.1
    * libpodofo-devel-0.9.6-150300.3.15.1

## References:

  * https://www.suse.com/security/cve/CVE-2015-8981.html
  * https://www.suse.com/security/cve/CVE-2017-6840.html
  * https://www.suse.com/security/cve/CVE-2017-6841.html
  * https://www.suse.com/security/cve/CVE-2017-6842.html
  * https://www.suse.com/security/cve/CVE-2017-6845.html
  * https://www.suse.com/security/cve/CVE-2017-6849.html
  * https://www.suse.com/security/cve/CVE-2017-8378.html
  * https://www.suse.com/security/cve/CVE-2018-5309.html
  * https://www.suse.com/security/cve/CVE-2018-8001.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1023072
  * https://bugzilla.suse.com/show_bug.cgi?id=1023190
  * https://bugzilla.suse.com/show_bug.cgi?id=1027776
  * https://bugzilla.suse.com/show_bug.cgi?id=1027779
  * https://bugzilla.suse.com/show_bug.cgi?id=1027785
  * https://bugzilla.suse.com/show_bug.cgi?id=1027786
  * https://bugzilla.suse.com/show_bug.cgi?id=1027787
  * https://bugzilla.suse.com/show_bug.cgi?id=1037000
  * https://bugzilla.suse.com/show_bug.cgi?id=1075322
  * https://bugzilla.suse.com/show_bug.cgi?id=1084894

From null at suse.de Tue Oct 8 16:35:15 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:15 -0000
Subject: SUSE-SU-2024:3549-1: important: Security update for redis7
Message-ID: <172840531543.4252.2658872954956208533@smelt2.prg2.suse.org>

# Security update for redis7

Announcement ID: SUSE-SU-2024:3549-1
Release Date: 2024-10-08T14:07:24Z
Rating: important

References:

  * bsc#1231264
  * bsc#1231265
  * bsc#1231266

Cross-References:

  * CVE-2024-31227
  * CVE-2024-31228
  * CVE-2024-31449

CVSS scores:

  * CVE-2024-31227 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
  * CVE-2024-31227 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-31228 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-31228 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-31449 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-31449 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.5
  * Server Applications Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for redis7 fixes the following issues:

  * CVE-2024-31227: Fixed parsing issue leading to denial of service (bsc#1231266)
  * CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265)
  * CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-3549=1 SUSE-2024-3549=1
  * Server Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3549=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * redis7-7.0.8-150500.3.12.1
    * redis7-debugsource-7.0.8-150500.3.12.1
    * redis7-debuginfo-7.0.8-150500.3.12.1
  * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * redis7-7.0.8-150500.3.12.1
    * redis7-debugsource-7.0.8-150500.3.12.1
    * redis7-debuginfo-7.0.8-150500.3.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-31227.html
  * https://www.suse.com/security/cve/CVE-2024-31228.html
  * https://www.suse.com/security/cve/CVE-2024-31449.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1231264
  * https://bugzilla.suse.com/show_bug.cgi?id=1231265
  * https://bugzilla.suse.com/show_bug.cgi?id=1231266

From null at suse.de Tue Oct 8 16:35:22 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:22 -0000
Subject: SUSE-SU-2024:3548-1: moderate: Security update for Mesa
Message-ID: <172840532292.4252.15007294873267285305@smelt2.prg2.suse.org>

# Security update for Mesa

Announcement ID: SUSE-SU-2024:3548-1
Release Date: 2024-10-08T14:07:13Z
Rating: moderate

References:

  * bsc#1222040
  * bsc#1222041
  * bsc#1222042

Cross-References:

  * CVE-2023-45913
  * CVE-2023-45919
  * CVE-2023-45922

CVSS scores:

  * CVE-2023-45913 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-45919 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H
  * CVE-2023-45922 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP5
  * Basesystem Module 15-SP6
  * openSUSE Leap 15.5
  * openSUSE Leap Micro 5.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Workstation Extension 15 SP5
  * SUSE Package Hub 15 15-SP5
  * SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for Mesa fixes the following issues:

  * CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040)
  * CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041)
  * CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-3548=1 SUSE-2024-3548=1
  * openSUSE Leap Micro 5.5
    zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3548=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2024-3548=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3548=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3548=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3548=1
  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3548=1
  * SUSE Linux Enterprise Workstation Extension 15 SP5
    zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3548=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * Mesa-libglapi-devel-22.3.5-150500.77.5.1
    * libOSMesa8-debuginfo-22.3.5-150500.77.5.1
    * libgbm1-22.3.5-150500.77.5.1
    * Mesa-debugsource-22.3.5-150500.77.5.1
    * Mesa-libEGL1-22.3.5-150500.77.5.1
    * libOSMesa-devel-22.3.5-150500.77.5.1
    * Mesa-libGL-devel-22.3.5-150500.77.5.1
    * Mesa-22.3.5-150500.77.5.1
    * Mesa-libGLESv3-devel-22.3.5-150500.77.5.1
    * Mesa-drivers-debugsource-22.3.5-150500.77.5.1
    * libgbm-devel-22.3.5-150500.77.5.1
    * libgbm1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-devel-22.3.5-150500.77.5.1
    * Mesa-libGL1-22.3.5-150500.77.5.1
    * Mesa-libGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libGLESv1_CM-devel-22.3.5-150500.77.5.1
    * Mesa-libglapi0-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libEGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-KHR-devel-22.3.5-150500.77.5.1
    * Mesa-libglapi0-22.3.5-150500.77.5.1
    * Mesa-libGLESv2-devel-22.3.5-150500.77.5.1
    * Mesa-dri-devel-22.3.5-150500.77.5.1
    * Mesa-dri-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-22.3.5-150500.77.5.1
    * libOSMesa8-22.3.5-150500.77.5.1
    * Mesa-libEGL-devel-22.3.5-150500.77.5.1
  * openSUSE Leap 15.5 (x86_64)
    * Mesa-dri-32bit-22.3.5-150500.77.5.1
    * libOSMesa8-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libd3d-32bit-22.3.5-150500.77.5.1
    * Mesa-libEGL1-32bit-22.3.5-150500.77.5.1
    * libgbm-devel-32bit-22.3.5-150500.77.5.1
    * libvulkan_intel-32bit-22.3.5-150500.77.5.1
    * Mesa-libGLESv2-devel-32bit-22.3.5-150500.77.5.1
    * Mesa-libd3d-32bit-debuginfo-22.3.5-150500.77.5.1
    * libvulkan_radeon-32bit-22.3.5-150500.77.5.1
    * Mesa-libglapi-devel-32bit-22.3.5-150500.77.5.1
    * libvulkan_intel-32bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_r300-32bit-22.3.5-150500.77.5.1
    * Mesa-vulkan-device-select-32bit-debuginfo-22.3.5-150500.77.5.1
    * libOSMesa8-32bit-22.3.5-150500.77.5.1
    * Mesa-32bit-22.3.5-150500.77.5.1
    * libgbm1-32bit-22.3.5-150500.77.5.1
    * libvdpau_r600-32bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-32bit-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-32bit-debuginfo-22.3.5-150500.77.5.1
    * libOSMesa-devel-32bit-22.3.5-150500.77.5.1
    * libvulkan_radeon-32bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_radeonsi-32bit-22.3.5-150500.77.5.1
    * Mesa-libglapi0-32bit-22.3.5-150500.77.5.1
    * libgbm1-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libd3d-devel-32bit-22.3.5-150500.77.5.1
    * Mesa-libEGL-devel-32bit-22.3.5-150500.77.5.1
    * libvdpau_radeonsi-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-32bit-22.3.5-150500.77.5.1
    * libvdpau_r600-32bit-22.3.5-150500.77.5.1
    * Mesa-libEGL1-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libGL1-32bit-22.3.5-150500.77.5.1
    * libvdpau_r300-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-gallium-32bit-22.3.5-150500.77.5.1
    * Mesa-dri-nouveau-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-gallium-32bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_nouveau-32bit-22.3.5-150500.77.5.1
    * Mesa-libGLESv1_CM-devel-32bit-22.3.5-150500.77.5.1
    * Mesa-vulkan-device-select-32bit-22.3.5-150500.77.5.1
    * Mesa-dri-nouveau-32bit-22.3.5-150500.77.5.1
    * Mesa-libGL1-32bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_nouveau-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libglapi0-32bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libGL-devel-32bit-22.3.5-150500.77.5.1
  * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586)
    * libvdpau_r300-22.3.5-150500.77.5.1
    * libvdpau_nouveau-22.3.5-150500.77.5.1
    * libxatracker2-1.0.0-150500.77.5.1
    * Mesa-gallium-22.3.5-150500.77.5.1
    * Mesa-dri-nouveau-22.3.5-150500.77.5.1
    * libvdpau_radeonsi-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-22.3.5-150500.77.5.1
    * libvdpau_radeonsi-debuginfo-22.3.5-150500.77.5.1
    * Mesa-gallium-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libva-debuginfo-22.3.5-150500.77.5.1
    * libxatracker2-debuginfo-1.0.0-150500.77.5.1
    * libvdpau_r600-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_nouveau-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_r600-22.3.5-150500.77.5.1
    * libxatracker-devel-1.0.0-150500.77.5.1
    * Mesa-libva-22.3.5-150500.77.5.1
    * Mesa-libOpenCL-22.3.5-150500.77.5.1
    * Mesa-dri-nouveau-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libOpenCL-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_r300-debuginfo-22.3.5-150500.77.5.1
  * openSUSE Leap 15.5 (aarch64 x86_64 i586)
    * Mesa-vulkan-device-select-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-22.3.5-150500.77.5.1
    * libvulkan_lvp-22.3.5-150500.77.5.1
    * libvulkan_radeon-22.3.5-150500.77.5.1
    * libvulkan_radeon-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libd3d-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libd3d-devel-22.3.5-150500.77.5.1
    * libvulkan_lvp-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libd3d-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-device-select-22.3.5-150500.77.5.1
  * openSUSE Leap 15.5 (x86_64 i586)
    * libvulkan_intel-debuginfo-22.3.5-150500.77.5.1
    * libvulkan_intel-22.3.5-150500.77.5.1
  * openSUSE Leap 15.5 (aarch64_ilp32)
    * Mesa-libglapi0-64bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libEGL1-64bit-debuginfo-22.3.5-150500.77.5.1
    * libgbm-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-libGL-devel-64bit-22.3.5-150500.77.5.1
    * libgbm1-64bit-22.3.5-150500.77.5.1
    * libvdpau_r300-64bit-22.3.5-150500.77.5.1
    * libvdpau_radeonsi-64bit-debuginfo-22.3.5-150500.77.5.1
    * libOSMesa8-64bit-22.3.5-150500.77.5.1
    * libOSMesa8-64bit-debuginfo-22.3.5-150500.77.5.1
    * libgbm1-64bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_r300-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libGLESv1_CM-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-libGL1-64bit-22.3.5-150500.77.5.1
    * Mesa-gallium-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-64bit-22.3.5-150500.77.5.1
    * libvdpau_nouveau-64bit-22.3.5-150500.77.5.1
    * Mesa-gallium-64bit-22.3.5-150500.77.5.1
    * Mesa-libd3d-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-vulkan-device-select-64bit-22.3.5-150500.77.5.1
    * Mesa-vulkan-device-select-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libd3d-64bit-22.3.5-150500.77.5.1
    * libvdpau_nouveau-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-vc4-64bit-debuginfo-22.3.5-150500.77.5.1
    * libOSMesa-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-libGL1-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-vc4-64bit-22.3.5-150500.77.5.1
    * Mesa-libEGL-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-libd3d-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-nouveau-64bit-22.3.5-150500.77.5.1
    * Mesa-64bit-22.3.5-150500.77.5.1
    * Mesa-libEGL1-64bit-22.3.5-150500.77.5.1
    * Mesa-libglapi-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-dri-nouveau-64bit-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libGLESv2-devel-64bit-22.3.5-150500.77.5.1
    * Mesa-libglapi0-64bit-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-64bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_r600-64bit-22.3.5-150500.77.5.1
    * libvdpau_r600-64bit-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_radeonsi-64bit-22.3.5-150500.77.5.1
    * libvulkan_radeon-64bit-debuginfo-22.3.5-150500.77.5.1
    * libvulkan_radeon-64bit-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-64bit-22.3.5-150500.77.5.1
    * Mesa-dri-64bit-22.3.5-150500.77.5.1
  * openSUSE Leap 15.5 (aarch64)
    * libvulkan_broadcom-debuginfo-22.3.5-150500.77.5.1
    * libvulkan_freedreno-22.3.5-150500.77.5.1
    * Mesa-dri-vc4-22.3.5-150500.77.5.1
    * libvulkan_broadcom-22.3.5-150500.77.5.1
    * libvulkan_freedreno-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-vc4-debuginfo-22.3.5-150500.77.5.1
  * openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
    * Mesa-22.3.5-150500.77.5.1
    * Mesa-libGL1-22.3.5-150500.77.5.1
    * Mesa-libGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libglapi0-22.3.5-150500.77.5.1
    * Mesa-drivers-debugsource-22.3.5-150500.77.5.1
    * libgbm1-debuginfo-22.3.5-150500.77.5.1
    * libgbm1-22.3.5-150500.77.5.1
    * Mesa-debugsource-22.3.5-150500.77.5.1
    * Mesa-libEGL1-22.3.5-150500.77.5.1
    * Mesa-dri-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libglapi0-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libEGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-22.3.5-150500.77.5.1
  * openSUSE Leap Micro 5.5 (aarch64 x86_64)
    * Mesa-gallium-22.3.5-150500.77.5.1
    * Mesa-gallium-debuginfo-22.3.5-150500.77.5.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * Mesa-22.3.5-150500.77.5.1
    * Mesa-libGL1-22.3.5-150500.77.5.1
    * Mesa-libGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libglapi0-22.3.5-150500.77.5.1
    * Mesa-drivers-debugsource-22.3.5-150500.77.5.1
    * libgbm1-debuginfo-22.3.5-150500.77.5.1
    * libgbm1-22.3.5-150500.77.5.1
    * Mesa-debugsource-22.3.5-150500.77.5.1
    * Mesa-libEGL1-22.3.5-150500.77.5.1
    * Mesa-dri-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libglapi0-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libEGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-22.3.5-150500.77.5.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le x86_64)
    * Mesa-gallium-22.3.5-150500.77.5.1
    * Mesa-gallium-debuginfo-22.3.5-150500.77.5.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * Mesa-libglapi-devel-22.3.5-150500.77.5.1
    * libOSMesa8-debuginfo-22.3.5-150500.77.5.1
    * libgbm1-22.3.5-150500.77.5.1
    * Mesa-debugsource-22.3.5-150500.77.5.1
    * Mesa-libEGL1-22.3.5-150500.77.5.1
    * libOSMesa-devel-22.3.5-150500.77.5.1
    * Mesa-libGL-devel-22.3.5-150500.77.5.1
    * Mesa-22.3.5-150500.77.5.1
    * Mesa-libGLESv3-devel-22.3.5-150500.77.5.1
    * Mesa-drivers-debugsource-22.3.5-150500.77.5.1
    * libgbm-devel-22.3.5-150500.77.5.1
    * libgbm1-debuginfo-22.3.5-150500.77.5.1
    * libOSMesa8-22.3.5-150500.77.5.1
    * Mesa-devel-22.3.5-150500.77.5.1
    * Mesa-libGL1-22.3.5-150500.77.5.1
    * Mesa-libGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libGLESv1_CM-devel-22.3.5-150500.77.5.1
    * Mesa-libglapi0-debuginfo-22.3.5-150500.77.5.1
    * Mesa-libEGL1-debuginfo-22.3.5-150500.77.5.1
    * Mesa-KHR-devel-22.3.5-150500.77.5.1
    * Mesa-libglapi0-22.3.5-150500.77.5.1
    * Mesa-libGLESv2-devel-22.3.5-150500.77.5.1
    * Mesa-dri-devel-22.3.5-150500.77.5.1
    * Mesa-dri-debuginfo-22.3.5-150500.77.5.1
    * Mesa-dri-22.3.5-150500.77.5.1
    * Mesa-libEGL-devel-22.3.5-150500.77.5.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
    * libvdpau_r600-22.3.5-150500.77.5.1
    * Mesa-libva-22.3.5-150500.77.5.1
    * libvdpau_r300-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-22.3.5-150500.77.5.1
    * libxatracker2-1.0.0-150500.77.5.1
    * Mesa-gallium-debuginfo-22.3.5-150500.77.5.1
    * Mesa-gallium-22.3.5-150500.77.5.1
    * Mesa-libva-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_virtio_gpu-debuginfo-22.3.5-150500.77.5.1
    * libxatracker2-debuginfo-1.0.0-150500.77.5.1
    * libxatracker-devel-1.0.0-150500.77.5.1
    * libvdpau_r300-debuginfo-22.3.5-150500.77.5.1
    * libvdpau_r600-debuginfo-22.3.5-150500.77.5.1
  * Basesystem Module 15-SP5 (aarch64 x86_64)
    * Mesa-vulkan-device-select-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-22.3.5-150500.77.5.1
    * libvulkan_lvp-22.3.5-150500.77.5.1
    * libvulkan_radeon-22.3.5-150500.77.5.1
    * libvulkan_radeon-debuginfo-22.3.5-150500.77.5.1
    * libvulkan_lvp-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-overlay-debuginfo-22.3.5-150500.77.5.1
    * Mesa-vulkan-device-select-22.3.5-150500.77.5.1
  * Basesystem Module 15-SP5 (x86_64)
    * libgbm1-32bit-22.3.5-150500.77.5.1
    * Mesa-dri-32bit-22.3.5-150500.77.5.1
    *
libvdpau_radeonsi-22.3.5-150500.77.5.1 * Mesa-dri-32bit-debuginfo-22.3.5-150500.77.5.1 * Mesa-libEGL1-32bit-debuginfo-22.3.5-150500.77.5.1 * Mesa-libGL1-32bit-22.3.5-150500.77.5.1 * Mesa-libEGL1-32bit-22.3.5-150500.77.5.1 * Mesa-gallium-32bit-22.3.5-150500.77.5.1 * libvulkan_intel-22.3.5-150500.77.5.1 * libvdpau_radeonsi-debuginfo-22.3.5-150500.77.5.1 * Mesa-gallium-32bit-debuginfo-22.3.5-150500.77.5.1 * Mesa-libGL1-32bit-debuginfo-22.3.5-150500.77.5.1 * Mesa-libd3d-debuginfo-22.3.5-150500.77.5.1 * Mesa-libd3d-devel-22.3.5-150500.77.5.1 * Mesa-libglapi0-32bit-22.3.5-150500.77.5.1 * Mesa-libd3d-22.3.5-150500.77.5.1 * Mesa-libglapi0-32bit-debuginfo-22.3.5-150500.77.5.1 * libgbm1-32bit-debuginfo-22.3.5-150500.77.5.1 * libvulkan_intel-debuginfo-22.3.5-150500.77.5.1 * Mesa-32bit-22.3.5-150500.77.5.1 * Basesystem Module 15-SP6 (aarch64 ppc64le x86_64) * libvdpau_r300-debuginfo-22.3.5-150500.77.5.1 * libvdpau_r300-22.3.5-150500.77.5.1 * Mesa-drivers-debugsource-22.3.5-150500.77.5.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libOSMesa8-32bit-debuginfo-22.3.5-150500.77.5.1 * libOSMesa8-32bit-22.3.5-150500.77.5.1 * Mesa-debugsource-22.3.5-150500.77.5.1 * SUSE Package Hub 15 15-SP6 (x86_64) * Mesa-vulkan-device-select-32bit-22.3.5-150500.77.5.1 * libvulkan_radeon-32bit-22.3.5-150500.77.5.1 * libvulkan_intel-32bit-22.3.5-150500.77.5.1 * libvulkan_radeon-32bit-debuginfo-22.3.5-150500.77.5.1 * libvulkan_intel-32bit-debuginfo-22.3.5-150500.77.5.1 * Mesa-vulkan-device-select-32bit-debuginfo-22.3.5-150500.77.5.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * Mesa-drivers-debugsource-22.3.5-150500.77.5.1 * Mesa-dri-nouveau-debuginfo-22.3.5-150500.77.5.1 * libvdpau_nouveau-22.3.5-150500.77.5.1 * Mesa-dri-nouveau-22.3.5-150500.77.5.1 * libvdpau_nouveau-debuginfo-22.3.5-150500.77.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45913.html * https://www.suse.com/security/cve/CVE-2023-45919.html * https://www.suse.com/security/cve/CVE-2023-45922.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1222040 * https://bugzilla.suse.com/show_bug.cgi?id=1222041 * https://bugzilla.suse.com/show_bug.cgi?id=1222042

From null at suse.de Tue Oct 8 16:35:40 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:40 -0000
Subject: SUSE-SU-2024:3547-1: important: Security update for the Linux Kernel
Message-ID: <172840534011.4252.8597164287477053420@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3547-1
Release Date: 2024-10-08T14:06:34Z
Rating: important

References:

* bsc#1216223
* bsc#1223600
* bsc#1223958
* bsc#1225272
* bsc#1227487
* bsc#1228466
* bsc#1229407
* bsc#1229633
* bsc#1229662
* bsc#1229947
* bsc#1230015
* bsc#1230398
* bsc#1230434
* bsc#1230507
* bsc#1230767
* bsc#1231016

Cross-References:

* CVE-2022-48911
* CVE-2022-48923
* CVE-2022-48944
* CVE-2022-48945
* CVE-2024-41087
* CVE-2024-42301
* CVE-2024-44946
* CVE-2024-45021
* CVE-2024-46674
* CVE-2024-46774

CVSS scores:

* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48923 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-48923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48944 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-48944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42301 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42301 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 10 vulnerabilities and has six security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
* CVE-2024-41087: Fix double free on error (bsc#1228466).
* CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).

The following non-security bugs were fixed:

* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* kabi: add __nf_queue_get_refs() for kabi compliance.
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
* SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3547=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3547=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3547=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3547=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3547=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3547=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3547=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-3547=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-3547=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-3547=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-3547=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3547=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-3547=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3547=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3547=1

## Package List:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * kernel-default-extra-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.136.1 *
kernel-64kb-devel-5.14.21-150400.24.136.1 * kernel-64kb-debuginfo-5.14.21-150400.24.136.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-obs-build-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * reiserfs-kmp-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.136.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * 
kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * reiserfs-kmp-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.136.1 * SUSE Manager Proxy 4.3 (nosrc x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Manager Proxy 4.3 (x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * SUSE Manager Proxy 4.3 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Manager Retail Branch Server 4.3 (nosrc x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Manager Server 4.3 (ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * 
kernel-syms-5.14.21-150400.24.136.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * SUSE Manager Server 4.3 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Manager Server 4.3 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.136.1 * SUSE Manager Server 4.3 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.136.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (noarch) * kernel-docs-html-5.14.21-150400.24.136.1 * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * kernel-source-vanilla-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debugsource-5.14.21-150400.24.136.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.136.1 * kernel-debug-devel-5.14.21-150400.24.136.1 * kernel-debug-debuginfo-5.14.21-150400.24.136.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.136.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.136.1 * kernel-kvmsmall-devel-5.14.21-150400.24.136.1 * kernel-default-base-rebuild-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.136.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kselftests-kmp-default-5.14.21-150400.24.136.1 * kernel-obs-qa-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * reiserfs-kmp-default-5.14.21-150400.24.136.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.136.1 * 
dlm-kmp-default-debuginfo-5.14.21-150400.24.136.1 * dlm-kmp-default-5.14.21-150400.24.136.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.136.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-debugsource-5.14.21-150400.24.136.1 * kernel-default-livepatch-devel-5.14.21-150400.24.136.1 * ocfs2-kmp-default-5.14.21-150400.24.136.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.136.1 * kernel-default-livepatch-5.14.21-150400.24.136.1 * kernel-obs-build-5.14.21-150400.24.136.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.136.1 * cluster-md-kmp-default-5.14.21-150400.24.136.1 * kernel-default-extra-5.14.21-150400.24.136.1 * gfs2-kmp-default-5.14.21-150400.24.136.1 * kernel-default-optional-5.14.21-150400.24.136.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_32-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_136-default-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-1-150400.9.3.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.136.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (aarch64) * dtb-mediatek-5.14.21-150400.24.136.1 * dtb-sprd-5.14.21-150400.24.136.1 * dtb-qcom-5.14.21-150400.24.136.1 * dtb-broadcom-5.14.21-150400.24.136.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.136.1 * 
dtb-allwinner-5.14.21-150400.24.136.1 * cluster-md-kmp-64kb-5.14.21-150400.24.136.1 * dtb-altera-5.14.21-150400.24.136.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.136.1 * dtb-arm-5.14.21-150400.24.136.1 * ocfs2-kmp-64kb-5.14.21-150400.24.136.1 * dtb-rockchip-5.14.21-150400.24.136.1 * dtb-apm-5.14.21-150400.24.136.1 * kernel-64kb-debugsource-5.14.21-150400.24.136.1 * dtb-hisilicon-5.14.21-150400.24.136.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.136.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.136.1 * dtb-amlogic-5.14.21-150400.24.136.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.136.1 * dtb-freescale-5.14.21-150400.24.136.1 * dtb-exynos-5.14.21-150400.24.136.1 * dtb-lg-5.14.21-150400.24.136.1 * kernel-64kb-extra-5.14.21-150400.24.136.1 * dtb-amazon-5.14.21-150400.24.136.1 * kernel-64kb-devel-5.14.21-150400.24.136.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.136.1 * kselftests-kmp-64kb-5.14.21-150400.24.136.1 * dtb-xilinx-5.14.21-150400.24.136.1 * reiserfs-kmp-64kb-5.14.21-150400.24.136.1 * dtb-cavium-5.14.21-150400.24.136.1 * dtb-marvell-5.14.21-150400.24.136.1 * dlm-kmp-64kb-5.14.21-150400.24.136.1 * gfs2-kmp-64kb-5.14.21-150400.24.136.1 * dtb-apple-5.14.21-150400.24.136.1 * dtb-amd-5.14.21-150400.24.136.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.136.1 * dtb-socionext-5.14.21-150400.24.136.1 * dtb-renesas-5.14.21-150400.24.136.1 * kernel-64kb-debuginfo-5.14.21-150400.24.136.1 * dtb-nvidia-5.14.21-150400.24.136.1 * kernel-64kb-optional-5.14.21-150400.24.136.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.136.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.136.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.136.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * SUSE 
Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_136-default-1-150400.9.3.1 * kernel-default-livepatch-5.14.21-150400.24.136.1 * kernel-livepatch-SLE15-SP4_Update_32-debugsource-1-150400.9.3.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x 
x86_64) * cluster-md-kmp-default-5.14.21-150400.24.136.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * ocfs2-kmp-default-5.14.21-150400.24.136.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.136.1 * dlm-kmp-default-5.14.21-150400.24.136.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.136.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.136.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * gfs2-kmp-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.136.1 * kernel-64kb-devel-5.14.21-150400.24.136.1 * kernel-64kb-debuginfo-5.14.21-150400.24.136.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * reiserfs-kmp-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc) * 
kernel-docs-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.136.1 * kernel-64kb-devel-5.14.21-150400.24.136.1 * kernel-64kb-debuginfo-5.14.21-150400.24.136.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.136.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-5.14.21-150400.24.136.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.136.1 * kernel-syms-5.14.21-150400.24.136.1 * kernel-default-debuginfo-5.14.21-150400.24.136.1 * kernel-obs-build-debugsource-5.14.21-150400.24.136.1 * kernel-default-devel-5.14.21-150400.24.136.1 * reiserfs-kmp-default-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.136.1 * kernel-macros-5.14.21-150400.24.136.1 * kernel-devel-5.14.21-150400.24.136.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.136.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48911.html * https://www.suse.com/security/cve/CVE-2022-48923.html * https://www.suse.com/security/cve/CVE-2022-48944.html * https://www.suse.com/security/cve/CVE-2022-48945.html * https://www.suse.com/security/cve/CVE-2024-41087.html * https://www.suse.com/security/cve/CVE-2024-42301.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-45021.html * https://www.suse.com/security/cve/CVE-2024-46674.html * 
https://www.suse.com/security/cve/CVE-2024-46774.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1223600
* https://bugzilla.suse.com/show_bug.cgi?id=1223958
* https://bugzilla.suse.com/show_bug.cgi?id=1225272
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1228466
* https://bugzilla.suse.com/show_bug.cgi?id=1229407
* https://bugzilla.suse.com/show_bug.cgi?id=1229633
* https://bugzilla.suse.com/show_bug.cgi?id=1229662
* https://bugzilla.suse.com/show_bug.cgi?id=1229947
* https://bugzilla.suse.com/show_bug.cgi?id=1230015
* https://bugzilla.suse.com/show_bug.cgi?id=1230398
* https://bugzilla.suse.com/show_bug.cgi?id=1230434
* https://bugzilla.suse.com/show_bug.cgi?id=1230507
* https://bugzilla.suse.com/show_bug.cgi?id=1230767
* https://bugzilla.suse.com/show_bug.cgi?id=1231016

From null at suse.de Tue Oct 8 16:35:43 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:43 -0000
Subject: SUSE-SU-2024:3546-1: moderate: Security update for podman
Message-ID: <172840534386.4252.13381803798395880905@smelt2.prg2.suse.org>

# Security update for podman

Announcement ID: SUSE-SU-2024:3546-1
Release Date: 2024-10-08T14:04:55Z
Rating: moderate

References:
* bsc#1231230

Cross-References:
* CVE-2024-6104
* CVE-2024-9341

CVSS scores:
* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-9341 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9341 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9341 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Affected Products:
* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3546=1 openSUSE-SLE-15.5-2024-3546=1
* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3546=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3546=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-3546=1
* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3546=1
* Containers Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3546=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * podman-remote-4.9.5-150500.3.18.1
  * podman-debuginfo-4.9.5-150500.3.18.1
  * podmansh-4.9.5-150500.3.18.1
  * podman-4.9.5-150500.3.18.1
  * podman-remote-debuginfo-4.9.5-150500.3.18.1
* openSUSE Leap 15.5 (noarch)
  * podman-docker-4.9.5-150500.3.18.1
* openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * podman-remote-4.9.5-150500.3.18.1
  * podman-debuginfo-4.9.5-150500.3.18.1
  * podmansh-4.9.5-150500.3.18.1
  * podman-4.9.5-150500.3.18.1
  * podman-remote-debuginfo-4.9.5-150500.3.18.1
* openSUSE Leap Micro 5.5 (noarch)
  * podman-docker-4.9.5-150500.3.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * podman-remote-4.9.5-150500.3.18.1
  * podman-debuginfo-4.9.5-150500.3.18.1
  * podmansh-4.9.5-150500.3.18.1
  * podman-4.9.5-150500.3.18.1
  * podman-remote-debuginfo-4.9.5-150500.3.18.1
* openSUSE Leap 15.6 (noarch)
  * podman-docker-4.9.5-150500.3.18.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * podman-remote-4.9.5-150500.3.18.1
  * podman-debuginfo-4.9.5-150500.3.18.1
  * podmansh-4.9.5-150500.3.18.1
  * podman-4.9.5-150500.3.18.1
  * podman-remote-debuginfo-4.9.5-150500.3.18.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * podman-docker-4.9.5-150500.3.18.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * podman-remote-4.9.5-150500.3.18.1
  * podman-debuginfo-4.9.5-150500.3.18.1
  * podmansh-4.9.5-150500.3.18.1
  * podman-4.9.5-150500.3.18.1
  * podman-remote-debuginfo-4.9.5-150500.3.18.1
* Containers Module 15-SP5 (noarch)
  * podman-docker-4.9.5-150500.3.18.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * podman-remote-4.9.5-150500.3.18.1
  * podman-debuginfo-4.9.5-150500.3.18.1
  * podmansh-4.9.5-150500.3.18.1
  * podman-4.9.5-150500.3.18.1
  * podman-remote-debuginfo-4.9.5-150500.3.18.1
* Containers Module 15-SP6 (noarch)
  * podman-docker-4.9.5-150500.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6104.html
* https://www.suse.com/security/cve/CVE-2024-9341.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231230
From null at suse.de Tue Oct 8 16:35:46 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:46 -0000
Subject: SUSE-SU-2024:3545-1: moderate: Security update for buildah
Message-ID: <172840534693.4252.715248093701672515@smelt2.prg2.suse.org>

# Security update for buildah

Announcement ID: SUSE-SU-2024:3545-1
Release Date: 2024-10-08T14:04:24Z
Rating: moderate

References:
* bsc#1231208
* bsc#1231230

Cross-References:
* CVE-2024-9341
* CVE-2024-9407

CVSS scores:
* CVE-2024-9341 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9341 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9341 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9407 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9407 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9407 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

Affected Products:
* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208).
* CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library in cri-o (bsc#1231230).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3545=1 openSUSE-SLE-15.5-2024-3545=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3545=1
* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3545=1
* Containers Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3545=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.4-150500.3.13.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.13.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.13.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.13.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9341.html
* https://www.suse.com/security/cve/CVE-2024-9407.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231208
* https://bugzilla.suse.com/show_bug.cgi?id=1231230
From null at suse.de Tue Oct 8 16:35:51 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:51 -0000
Subject: SUSE-SU-2024:3544-1: moderate: Security update for Mesa
Message-ID: <172840535125.4252.822973700013893394@smelt2.prg2.suse.org>

# Security update for Mesa

Announcement ID: SUSE-SU-2024:3544-1
Release Date: 2024-10-08T14:04:06Z
Rating: moderate

References:
* bsc#1222040
* bsc#1222041
* bsc#1222042

Cross-References:
* CVE-2023-45913
* CVE-2023-45919
* CVE-2023-45922

CVSS scores:
* CVE-2023-45913 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-45919 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H
* CVE-2023-45922 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for Mesa fixes the following issues:

* CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041).
* CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
* CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#CVE-2023-45922).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3544=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-3544=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-3544=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-3544=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-3544=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3544=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3544=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3544=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3544=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * Mesa-libGLESv1_CM-devel-21.2.4-150400.68.15.1
  * Mesa-KHR-devel-21.2.4-150400.68.15.1
  * libOSMesa8-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libEGL1-21.2.4-150400.68.15.1
  * libgbm-devel-21.2.4-150400.68.15.1
  * Mesa-libglapi0-21.2.4-150400.68.15.1
  * Mesa-libGLESv3-devel-21.2.4-150400.68.15.1
  * Mesa-libGL1-21.2.4-150400.68.15.1
  * Mesa-devel-21.2.4-150400.68.15.1
  * Mesa-dri-debuginfo-21.2.4-150400.68.15.1
  * libgbm1-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libEGL1-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGL1-debuginfo-21.2.4-150400.68.15.1
  * libOSMesa8-21.2.4-150400.68.15.1
  * Mesa-libglapi0-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGLESv2-devel-21.2.4-150400.68.15.1
  * Mesa-21.2.4-150400.68.15.1
  * Mesa-libGL-devel-21.2.4-150400.68.15.1
  * Mesa-dri-devel-21.2.4-150400.68.15.1
  * libOSMesa-devel-21.2.4-150400.68.15.1
  * Mesa-dri-21.2.4-150400.68.15.1
  * Mesa-libglapi-devel-21.2.4-150400.68.15.1
  * Mesa-drivers-debugsource-21.2.4-150400.68.15.1
  * Mesa-libEGL-devel-21.2.4-150400.68.15.1
  * libgbm1-21.2.4-150400.68.15.1
  * Mesa-debugsource-21.2.4-150400.68.15.1
* openSUSE Leap 15.4 (x86_64)
  * libvulkan_intel-32bit-21.2.4-150400.68.15.1
  * Mesa-vulkan-overlay-32bit-21.2.4-150400.68.15.1
  * libgbm-devel-32bit-21.2.4-150400.68.15.1
  * libgbm1-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_radeon-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-dri-32bit-21.2.4-150400.68.15.1
  * libvdpau_radeonsi-32bit-21.2.4-150400.68.15.1
  * libgbm1-32bit-21.2.4-150400.68.15.1
  * libXvMC_nouveau-32bit-21.2.4-150400.68.15.1
  * Mesa-libGL-devel-32bit-21.2.4-150400.68.15.1
  * Mesa-libd3d-devel-32bit-21.2.4-150400.68.15.1
  * Mesa-libglapi-devel-32bit-21.2.4-150400.68.15.1
  * Mesa-libGLESv2-devel-32bit-21.2.4-150400.68.15.1
  * Mesa-dri-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGLESv1_CM-devel-32bit-21.2.4-150400.68.15.1
  * libXvMC_nouveau-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_radeon-32bit-21.2.4-150400.68.15.1
  * Mesa-libd3d-32bit-21.2.4-150400.68.15.1
  * Mesa-libGL1-32bit-21.2.4-150400.68.15.1
  * Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r600-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_radeonsi-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r600-32bit-21.2.4-150400.68.15.1
  * Mesa-vulkan-overlay-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_nouveau-32bit-debuginfo-21.2.4-150400.68.15.1
  * libOSMesa-devel-32bit-21.2.4-150400.68.15.1
  * libOSMesa8-32bit-21.2.4-150400.68.15.1
  * Mesa-dri-nouveau-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-32bit-21.2.4-150400.68.15.1
  * libvdpau_r300-32bit-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r300-32bit-21.2.4-150400.68.15.1
  * Mesa-libEGL1-32bit-21.2.4-150400.68.15.1
  * Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libglapi0-32bit-21.2.4-150400.68.15.1
  * Mesa-gallium-32bit-21.2.4-150400.68.15.1
  * Mesa-libEGL-devel-32bit-21.2.4-150400.68.15.1
  * Mesa-dri-nouveau-32bit-21.2.4-150400.68.15.1
  * Mesa-vulkan-device-select-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-vulkan-device-select-32bit-21.2.4-150400.68.15.1
  * libvdpau_nouveau-32bit-21.2.4-150400.68.15.1
  * Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_r600-32bit-21.2.4-150400.68.15.1
  * libvulkan_intel-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.15.1
  * libOSMesa8-32bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libd3d-32bit-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_r600-32bit-debuginfo-21.2.4-150400.68.15.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586)
  * libvdpau_nouveau-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r300-21.2.4-150400.68.15.1
  * libvdpau_radeonsi-21.2.4-150400.68.15.1
  * Mesa-libva-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r600-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_nouveau-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r600-21.2.4-150400.68.15.1
  * libvdpau_r300-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_r600-21.2.4-150400.68.15.1
  * libvdpau_radeonsi-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_nouveau-21.2.4-150400.68.15.1
  * Mesa-libOpenCL-21.2.4-150400.68.15.1
  * libxatracker2-debuginfo-1.0.0-150400.68.15.1
  * libXvMC_r600-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libva-21.2.4-150400.68.15.1
  * Mesa-dri-nouveau-21.2.4-150400.68.15.1
  * Mesa-libOpenCL-debuginfo-21.2.4-150400.68.15.1
  * libxatracker2-1.0.0-150400.68.15.1
  * Mesa-gallium-debuginfo-21.2.4-150400.68.15.1
  * libxatracker-devel-1.0.0-150400.68.15.1
  * Mesa-gallium-21.2.4-150400.68.15.1
  * Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_nouveau-21.2.4-150400.68.15.1
* openSUSE Leap 15.4 (aarch64 x86_64 i586)
  * libvulkan_lvp-21.2.4-150400.68.15.1
  * Mesa-libVulkan-devel-21.2.4-150400.68.15.1
  * Mesa-vulkan-overlay-21.2.4-150400.68.15.1
  * Mesa-libd3d-devel-21.2.4-150400.68.15.1
  * Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_lvp-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libd3d-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_radeon-debuginfo-21.2.4-150400.68.15.1
  * Mesa-vulkan-device-select-21.2.4-150400.68.15.1
  * Mesa-libd3d-21.2.4-150400.68.15.1
  * libvulkan_radeon-21.2.4-150400.68.15.1
  * Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.15.1
* openSUSE Leap 15.4 (x86_64 i586)
  * libvulkan_intel-21.2.4-150400.68.15.1
  * libvulkan_intel-debuginfo-21.2.4-150400.68.15.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libXvMC_nouveau-64bit-21.2.4-150400.68.15.1
  * libvdpau_radeonsi-64bit-21.2.4-150400.68.15.1
  * libvdpau_r600-64bit-21.2.4-150400.68.15.1
  * libOSMesa8-64bit-21.2.4-150400.68.15.1
  * Mesa-libEGL-devel-64bit-21.2.4-150400.68.15.1
  * Mesa-64bit-21.2.4-150400.68.15.1
  * Mesa-libglapi0-64bit-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_r600-64bit-21.2.4-150400.68.15.1
  * libvdpau_r300-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGLESv1_CM-devel-64bit-21.2.4-150400.68.15.1
  * libvdpau_nouveau-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGL-devel-64bit-21.2.4-150400.68.15.1
  * libvdpau_radeonsi-64bit-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_radeon-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libd3d-devel-64bit-21.2.4-150400.68.15.1
  * libXvMC_r600-64bit-debuginfo-21.2.4-150400.68.15.1
  * libgbm-devel-64bit-21.2.4-150400.68.15.1
  * libgbm1-64bit-21.2.4-150400.68.15.1
  * Mesa-dri-vc4-64bit-21.2.4-150400.68.15.1
  * Mesa-dri-vc4-64bit-debuginfo-21.2.4-150400.68.15.1
  * libvdpau_r600-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGL1-64bit-21.2.4-150400.68.15.1
  * libOSMesa-devel-64bit-21.2.4-150400.68.15.1
  * Mesa-libGLESv2-devel-64bit-21.2.4-150400.68.15.1
  * libOSMesa8-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libGL1-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libglapi-devel-64bit-21.2.4-150400.68.15.1
  * Mesa-libEGL1-64bit-21.2.4-150400.68.15.1
  * Mesa-libglapi0-64bit-21.2.4-150400.68.15.1
  * libvulkan_radeon-64bit-21.2.4-150400.68.15.1
  * Mesa-dri-64bit-21.2.4-150400.68.15.1
  * libvdpau_r300-64bit-21.2.4-150400.68.15.1
  * Mesa-dri-nouveau-64bit-21.2.4-150400.68.15.1
  * Mesa-libEGL1-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-vulkan-overlay-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-dri-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-vulkan-device-select-64bit-21.2.4-150400.68.15.1
  * Mesa-dri-nouveau-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-gallium-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-vulkan-device-select-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libd3d-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-vulkan-overlay-64bit-21.2.4-150400.68.15.1
  * libgbm1-64bit-debuginfo-21.2.4-150400.68.15.1
  * Mesa-libd3d-64bit-21.2.4-150400.68.15.1
  * libvdpau_nouveau-64bit-21.2.4-150400.68.15.1
  * Mesa-gallium-64bit-21.2.4-150400.68.15.1
  * libXvMC_nouveau-64bit-debuginfo-21.2.4-150400.68.15.1
* openSUSE Leap 15.4 (aarch64)
  * libvulkan_freedreno-21.2.4-150400.68.15.1
  * libvulkan_broadcom-21.2.4-150400.68.15.1
  * Mesa-dri-vc4-21.2.4-150400.68.15.1
  * Mesa-dri-vc4-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_freedreno-debuginfo-21.2.4-150400.68.15.1
  * libvulkan_broadcom-debuginfo-21.2.4-150400.68.15.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libgbm1-debuginfo-21.2.4-150400.68.15.1
  * libgbm1-21.2.4-150400.68.15.1
  * Mesa-debugsource-21.2.4-150400.68.15.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libgbm1-debuginfo-21.2.4-150400.68.15.1
  * libgbm1-21.2.4-150400.68.15.1
  * Mesa-debugsource-21.2.4-150400.68.15.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libgbm1-debuginfo-21.2.4-150400.68.15.1
  * libgbm1-21.2.4-150400.68.15.1
  * Mesa-debugsource-21.2.4-150400.68.15.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libgbm1-debuginfo-21.2.4-150400.68.15.1
  * libgbm1-21.2.4-150400.68.15.1
  * Mesa-debugsource-21.2.4-150400.68.15.1
* Basesystem Module 15-SP5 (x86_64)
  * Mesa-drivers-debugsource-21.2.4-150400.68.15.1
  * Mesa-libVulkan-devel-21.2.4-150400.68.15.1
* Basesystem Module 15-SP6 (x86_64)
  * Mesa-drivers-debugsource-21.2.4-150400.68.15.1
  * Mesa-libVulkan-devel-21.2.4-150400.68.15.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * Mesa-drivers-debugsource-21.2.4-150400.68.15.1
  * libXvMC_nouveau-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_nouveau-21.2.4-150400.68.15.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * Mesa-drivers-debugsource-21.2.4-150400.68.15.1
  * libXvMC_nouveau-debuginfo-21.2.4-150400.68.15.1
  * libXvMC_nouveau-21.2.4-150400.68.15.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45913.html
* https://www.suse.com/security/cve/CVE-2023-45919.html
* https://www.suse.com/security/cve/CVE-2023-45922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222040
* https://bugzilla.suse.com/show_bug.cgi?id=1222041
* https://bugzilla.suse.com/show_bug.cgi?id=1222042

From null at suse.de Tue Oct 8 16:35:53 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 08 Oct 2024 16:35:53 -0000
Subject: SUSE-SU-2024:3543-1: moderate: Security update for json-lib
Message-ID: <172840535376.4252.7597656525859223170@smelt2.prg2.suse.org>

# Security update for json-lib

Announcement ID: SUSE-SU-2024:3543-1
Release Date: 2024-10-08T13:33:40Z
Rating: moderate

References:
* bsc#1231295

Cross-References:
* CVE-2024-47855

CVSS scores:
* CVE-2024-47855 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-47855 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for json-lib fixes the following issues:

* CVE-2024-47855: Fixed mishandled unbalanced comment string (bsc#1231295)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3543=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3543=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * jenkins-json-lib-2.4-150200.3.7.1
  * json-lib-2.4-150200.3.7.1
  * json-lib-javadoc-2.4-150200.3.7.1
* openSUSE Leap 15.6 (noarch)
  * jenkins-json-lib-2.4-150200.3.7.1
  * json-lib-2.4-150200.3.7.1
  * json-lib-javadoc-2.4-150200.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47855.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231295

From null at suse.de Wed Oct 9 08:30:07 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 08:30:07 -0000
Subject: SUSE-SU-2024:3558-1: low: Security update for qatlib
Message-ID: <172846260762.12150.8172595373740573689@smelt2.prg2.suse.org>

# Security update for qatlib

Announcement ID: SUSE-SU-2024:3558-1
Release Date: 2024-10-09T07:26:05Z
Rating: low

References:
* bsc#1217158

Cross-References:
* CVE-2023-22313

CVSS scores:
* CVE-2023-22313 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22313 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected Products:
* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for qatlib fixes the following issues:

* CVE-2023-22313: Fixed a local information disclosure due to improper buffer restrictions (bsc#1217158).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3558=1

## Package List:

* openSUSE Leap 15.4 (x86_64)
  * qatlib-debugsource-21.08.0-150400.3.3.3
  * qatlib-debuginfo-21.08.0-150400.3.3.3
  * qatlib-devel-21.08.0-150400.3.3.3
  * qatlib-21.08.0-150400.3.3.3

## References:

* https://www.suse.com/security/cve/CVE-2023-22313.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217158

From null at suse.de Wed Oct 9 08:30:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 08:30:20 -0000
Subject: SUSE-SU-2024:3554-1: moderate: Security update for mozjs78
Message-ID: <172846262041.12150.1096282815366325548@smelt2.prg2.suse.org>

# Security update for mozjs78

Announcement ID: SUSE-SU-2024:3554-1
Release Date: 2024-10-09T06:17:18Z
Rating: moderate

References:
* bsc#1230036
* bsc#1230037
* bsc#1230038

Cross-References:
* CVE-2024-45490
* CVE-2024-45491
* CVE-2024-45492

CVSS scores:
* CVE-2024-45490 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45490 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45490 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45491 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45491 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45491 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45492 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45492 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for mozjs78 fixes the following issues:

* CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
* CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
* CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3554=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3554=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3554=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3554=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3554=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3554=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.6.2
  * libmozjs-78-0-78.15.0-150400.3.6.2
  * mozjs78-debuginfo-78.15.0-150400.3.6.2
  * mozjs78-78.15.0-150400.3.6.2
  * mozjs78-debugsource-78.15.0-150400.3.6.2
  * mozjs78-devel-78.15.0-150400.3.6.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.6.2
  * libmozjs-78-0-78.15.0-150400.3.6.2
  * mozjs78-debuginfo-78.15.0-150400.3.6.2
  * mozjs78-78.15.0-150400.3.6.2
  * mozjs78-debugsource-78.15.0-150400.3.6.2
  * mozjs78-devel-78.15.0-150400.3.6.2
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.6.2
  * libmozjs-78-0-78.15.0-150400.3.6.2
  * mozjs78-debuginfo-78.15.0-150400.3.6.2
  * mozjs78-debugsource-78.15.0-150400.3.6.2
  * mozjs78-devel-78.15.0-150400.3.6.2
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
  * libmozjs-78-0-78.15.0-150400.3.6.2
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * mozjs78-debugsource-78.15.0-150400.3.6.2
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.6.2
  * mozjs78-debuginfo-78.15.0-150400.3.6.2
  * libmozjs-78-0-78.15.0-150400.3.6.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i686)
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.6.2
  * libmozjs-78-0-78.15.0-150400.3.6.2
  * mozjs78-debuginfo-78.15.0-150400.3.6.2
  * mozjs78-78.15.0-150400.3.6.2
  * mozjs78-debugsource-78.15.0-150400.3.6.2
  * mozjs78-devel-78.15.0-150400.3.6.2

## References:

* https://www.suse.com/security/cve/CVE-2024-45490.html
* https://www.suse.com/security/cve/CVE-2024-45491.html
* https://www.suse.com/security/cve/CVE-2024-45492.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230036
* https://bugzilla.suse.com/show_bug.cgi?id=1230037
* https://bugzilla.suse.com/show_bug.cgi?id=1230038
From null at suse.de Wed Oct 9 12:30:19 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 12:30:19 -0000
Subject: SUSE-SU-2024:3565-1: important: Security update for the Linux Kernel
Message-ID: <172847701950.6932.16482206442801172372@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3565-1
Release Date: 2024-10-09T09:40:49Z
Rating: important

References:
* bsc#1185988
* bsc#1220826
* bsc#1226145
* bsc#1227487
* bsc#1228466
* bsc#1229633
* bsc#1230015
* bsc#1230245
* bsc#1230326
* bsc#1230398
* bsc#1230434
* bsc#1230519
* bsc#1230767

Cross-References:
* CVE-2021-47069
* CVE-2022-48911
* CVE-2022-48945
* CVE-2024-36971
* CVE-2024-41087
* CVE-2024-44946
* CVE-2024-45003
* CVE-2024-45021
* CVE-2024-46695
* CVE-2024-46774

CVSS scores:
* CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Manager Proxy 4.1
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Server 4.1

An update that solves 10 vulnerabilities and has three security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
* CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
* CVE-2024-41087: Fix double free on error (bsc#1228466).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).

The following non-security bugs were fixed:

* Revert "ext4: consolidate checks for resize of bigalloc into ext4_resize_begin" (bsc#1230326).
* ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
* ext4: add reserved GDT blocks check (bsc#1230326).
* ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
* ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
* kabi: add __nf_queue_get_refs() for kabi compliance.

## Special Instructions and Notes:

* Please reboot the system after installing this update.
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3565=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3565=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3565=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3565=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3565=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_206-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-SLE15-SP2_Update_53-debugsource-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_206-default-1-150200.5.3.1 * kernel-default-livepatch-5.3.18-150200.24.206.1 * kernel-default-debuginfo-5.3.18-150200.24.206.1 * kernel-default-livepatch-devel-5.3.18-150200.24.206.1 * kernel-default-debugsource-5.3.18-150200.24.206.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-5.3.18-150200.24.206.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.206.1 * gfs2-kmp-default-5.3.18-150200.24.206.1 * ocfs2-kmp-default-5.3.18-150200.24.206.1 * cluster-md-kmp-default-5.3.18-150200.24.206.1 * kernel-default-debuginfo-5.3.18-150200.24.206.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.206.1 * dlm-kmp-default-5.3.18-150200.24.206.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.206.1 * kernel-default-debugsource-5.3.18-150200.24.206.1 * SUSE Linux Enterprise 
High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.206.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.206.1 * kernel-default-5.3.18-150200.24.206.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.206.1 * kernel-default-base-5.3.18-150200.24.206.1.150200.9.107.1 * kernel-preempt-debugsource-5.3.18-150200.24.206.1 * kernel-preempt-debuginfo-5.3.18-150200.24.206.1 * kernel-obs-build-5.3.18-150200.24.206.1 * kernel-default-devel-5.3.18-150200.24.206.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.206.1 * kernel-preempt-devel-5.3.18-150200.24.206.1 * kernel-default-debuginfo-5.3.18-150200.24.206.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.206.1 * kernel-syms-5.3.18-150200.24.206.1 * kernel-default-debugsource-5.3.18-150200.24.206.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-devel-5.3.18-150200.24.206.1 * kernel-source-5.3.18-150200.24.206.1 * kernel-macros-5.3.18-150200.24.206.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.206.1 * kernel-default-base-5.3.18-150200.24.206.1.150200.9.107.1 * kernel-obs-build-5.3.18-150200.24.206.1 * kernel-default-devel-5.3.18-150200.24.206.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.206.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.206.1 * kernel-default-debuginfo-5.3.18-150200.24.206.1 * reiserfs-kmp-default-5.3.18-150200.24.206.1 * kernel-syms-5.3.18-150200.24.206.1 * kernel-default-debugsource-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server 
15 SP2 LTSS 15-SP2 (noarch) * kernel-devel-5.3.18-150200.24.206.1 * kernel-source-5.3.18-150200.24.206.1 * kernel-macros-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.206.1 * kernel-preempt-devel-5.3.18-150200.24.206.1 * kernel-preempt-debuginfo-5.3.18-150200.24.206.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.206.1 * kernel-default-base-5.3.18-150200.24.206.1.150200.9.107.1 * kernel-obs-build-5.3.18-150200.24.206.1 * kernel-default-devel-5.3.18-150200.24.206.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.206.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.206.1 * kernel-default-debuginfo-5.3.18-150200.24.206.1 * reiserfs-kmp-default-5.3.18-150200.24.206.1 * kernel-syms-5.3.18-150200.24.206.1 * kernel-default-debugsource-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-devel-5.3.18-150200.24.206.1 * kernel-source-5.3.18-150200.24.206.1 * kernel-macros-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.206.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.206.1 * kernel-preempt-devel-5.3.18-150200.24.206.1 * kernel-preempt-debuginfo-5.3.18-150200.24.206.1 * 
kernel-preempt-devel-debuginfo-5.3.18-150200.24.206.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47069.html * https://www.suse.com/security/cve/CVE-2022-48911.html * https://www.suse.com/security/cve/CVE-2022-48945.html * https://www.suse.com/security/cve/CVE-2024-36971.html * https://www.suse.com/security/cve/CVE-2024-41087.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-45003.html * https://www.suse.com/security/cve/CVE-2024-45021.html * https://www.suse.com/security/cve/CVE-2024-46695.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://bugzilla.suse.com/show_bug.cgi?id=1185988 * https://bugzilla.suse.com/show_bug.cgi?id=1220826 * https://bugzilla.suse.com/show_bug.cgi?id=1226145 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1228466 * https://bugzilla.suse.com/show_bug.cgi?id=1229633 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230245 * https://bugzilla.suse.com/show_bug.cgi?id=1230326 * https://bugzilla.suse.com/show_bug.cgi?id=1230398 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230519 * https://bugzilla.suse.com/show_bug.cgi?id=1230767
From null at suse.de Wed Oct 9 12:33:08 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 09 Oct 2024 12:33:08 -0000 Subject: SUSE-SU-2024:3564-1: important: Security update for the Linux Kernel Message-ID: <172847718834.6932.15200760795627387671@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:3564-1 Release Date: 2024-10-09T09:09:07Z Rating: important References: * bsc#1012628 * bsc#1183045 * bsc#1215199 * bsc#1216223 * bsc#1216776 * bsc#1220382 * bsc#1221527 * bsc#1221610 * bsc#1221650 * bsc#1222629 * bsc#1223600 * bsc#1223848 * bsc#1225487 * bsc#1225812 * bsc#1225903 * bsc#1226003 * bsc#1226507 * bsc#1226606 * bsc#1226666 * bsc#1226846 * bsc#1226860 * bsc#1227487 * bsc#1227694 * bsc#1227726 * bsc#1227819 * bsc#1227885 * bsc#1227890 * bsc#1227962 * bsc#1228090 * bsc#1228140 * bsc#1228244 * bsc#1228507 * bsc#1228771 * bsc#1229001 * bsc#1229004 * bsc#1229019 * bsc#1229086 * bsc#1229167 * bsc#1229169 * bsc#1229289 * bsc#1229334 * bsc#1229362 * bsc#1229363 * bsc#1229364 * bsc#1229371 * bsc#1229380 * bsc#1229389 * bsc#1229394 * bsc#1229429 * bsc#1229443 * bsc#1229452 * bsc#1229455 * bsc#1229456 * bsc#1229494 * bsc#1229585 * bsc#1229753 * bsc#1229764 * bsc#1229768 * bsc#1229790 * bsc#1229810 * bsc#1229899 * bsc#1229928 * bsc#1230015 * bsc#1230119 * bsc#1230123 * bsc#1230124 * bsc#1230125 * bsc#1230169 * bsc#1230170 * bsc#1230171 * bsc#1230173 * bsc#1230174 * bsc#1230175 * bsc#1230176 * bsc#1230178 * bsc#1230180 * bsc#1230181 * bsc#1230185 * bsc#1230191 * bsc#1230192 * bsc#1230193 * bsc#1230194 * bsc#1230195 * bsc#1230200 * bsc#1230204 * bsc#1230206 * bsc#1230207 * bsc#1230209 * bsc#1230211 * bsc#1230213 * bsc#1230217 * bsc#1230221 * bsc#1230224 * bsc#1230230 * bsc#1230232 * bsc#1230233 * bsc#1230240 * bsc#1230244 * bsc#1230245 * bsc#1230247 * bsc#1230248 * bsc#1230269 * bsc#1230270 * bsc#1230295 * bsc#1230340 * bsc#1230426 * bsc#1230430 * bsc#1230431 * bsc#1230432 * bsc#1230433 * bsc#1230434 * bsc#1230435 * 
bsc#1230440 * bsc#1230441 * bsc#1230442 * bsc#1230444 * bsc#1230450 * bsc#1230451 * bsc#1230454 * bsc#1230455 * bsc#1230457 * bsc#1230459 * bsc#1230506 * bsc#1230507 * bsc#1230511 * bsc#1230515 * bsc#1230517 * bsc#1230518 * bsc#1230519 * bsc#1230520 * bsc#1230521 * bsc#1230524 * bsc#1230526 * bsc#1230533 * bsc#1230535 * bsc#1230539 * bsc#1230540 * bsc#1230549 * bsc#1230556 * bsc#1230562 * bsc#1230563 * bsc#1230564 * bsc#1230580 * bsc#1230582 * bsc#1230589 * bsc#1230602 * bsc#1230699 * bsc#1230700 * bsc#1230701 * bsc#1230702 * bsc#1230703 * bsc#1230704 * bsc#1230705 * bsc#1230706 * bsc#1230709 * bsc#1230711 * bsc#1230712 * bsc#1230715 * bsc#1230719 * bsc#1230722 * bsc#1230724 * bsc#1230725 * bsc#1230726 * bsc#1230727 * bsc#1230730 * bsc#1230731 * bsc#1230732 * bsc#1230747 * bsc#1230748 * bsc#1230749 * bsc#1230751 * bsc#1230752 * bsc#1230753 * bsc#1230756 * bsc#1230761 * bsc#1230766 * bsc#1230767 * bsc#1230768 * bsc#1230771 * bsc#1230772 * bsc#1230775 * bsc#1230776 * bsc#1230780 * bsc#1230783 * bsc#1230786 * bsc#1230787 * bsc#1230791 * bsc#1230794 * bsc#1230796 * bsc#1230802 * bsc#1230806 * bsc#1230808 * bsc#1230809 * bsc#1230810 * bsc#1230812 * bsc#1230813 * bsc#1230814 * bsc#1230815 * bsc#1230821 * bsc#1230825 * bsc#1230830 * bsc#1230831 * bsc#1230854 * bsc#1230948 * bsc#1231008 * bsc#1231035 * bsc#1231120 * bsc#1231146 * bsc#1231182 * bsc#1231183 * jsc#PED-10954 * jsc#PED-9899 Cross-References: * CVE-2023-52610 * CVE-2023-52752 * CVE-2023-52915 * CVE-2023-52916 * CVE-2024-26640 * CVE-2024-26759 * CVE-2024-26804 * CVE-2024-36953 * CVE-2024-38538 * CVE-2024-38596 * CVE-2024-38632 * CVE-2024-40965 * CVE-2024-40973 * CVE-2024-40983 * CVE-2024-42154 * CVE-2024-42243 * CVE-2024-42252 * CVE-2024-42265 * CVE-2024-42294 * CVE-2024-42304 * CVE-2024-42305 * CVE-2024-42306 * CVE-2024-43828 * CVE-2024-43832 * CVE-2024-43835 * CVE-2024-43845 * CVE-2024-43870 * CVE-2024-43890 * CVE-2024-43898 * CVE-2024-43904 * CVE-2024-43914 * CVE-2024-44935 * CVE-2024-44944 * CVE-2024-44946 * 
CVE-2024-44947 * CVE-2024-44948 * CVE-2024-44950 * CVE-2024-44951 * CVE-2024-44952 * CVE-2024-44954 * CVE-2024-44960 * CVE-2024-44961 * CVE-2024-44962 * CVE-2024-44965 * CVE-2024-44967 * CVE-2024-44969 * CVE-2024-44970 * CVE-2024-44971 * CVE-2024-44977 * CVE-2024-44982 * CVE-2024-44984 * CVE-2024-44985 * CVE-2024-44986 * CVE-2024-44987 * CVE-2024-44988 * CVE-2024-44989 * CVE-2024-44990 * CVE-2024-44991 * CVE-2024-44997 * CVE-2024-44998 * CVE-2024-44999 * CVE-2024-45000 * CVE-2024-45001 * CVE-2024-45002 * CVE-2024-45003 * CVE-2024-45005 * CVE-2024-45006 * CVE-2024-45007 * CVE-2024-45008 * CVE-2024-45011 * CVE-2024-45012 * CVE-2024-45013 * CVE-2024-45015 * CVE-2024-45017 * CVE-2024-45018 * CVE-2024-45019 * CVE-2024-45020 * CVE-2024-45021 * CVE-2024-45022 * CVE-2024-45023 * CVE-2024-45026 * CVE-2024-45028 * CVE-2024-45029 * CVE-2024-45030 * CVE-2024-46672 * CVE-2024-46673 * CVE-2024-46674 * CVE-2024-46675 * CVE-2024-46676 * CVE-2024-46677 * CVE-2024-46679 * CVE-2024-46685 * CVE-2024-46686 * CVE-2024-46687 * CVE-2024-46689 * CVE-2024-46691 * CVE-2024-46692 * CVE-2024-46693 * CVE-2024-46694 * CVE-2024-46695 * CVE-2024-46702 * CVE-2024-46706 * CVE-2024-46707 * CVE-2024-46709 * CVE-2024-46710 * CVE-2024-46714 * CVE-2024-46715 * CVE-2024-46716 * CVE-2024-46717 * CVE-2024-46719 * CVE-2024-46720 * CVE-2024-46722 * CVE-2024-46723 * CVE-2024-46724 * CVE-2024-46725 * CVE-2024-46726 * CVE-2024-46728 * CVE-2024-46729 * CVE-2024-46730 * CVE-2024-46731 * CVE-2024-46732 * CVE-2024-46734 * CVE-2024-46735 * CVE-2024-46737 * CVE-2024-46738 * CVE-2024-46739 * CVE-2024-46741 * CVE-2024-46743 * CVE-2024-46744 * CVE-2024-46745 * CVE-2024-46746 * CVE-2024-46747 * CVE-2024-46749 * CVE-2024-46750 * CVE-2024-46751 * CVE-2024-46752 * CVE-2024-46753 * CVE-2024-46755 * CVE-2024-46756 * CVE-2024-46757 * CVE-2024-46758 * CVE-2024-46759 * CVE-2024-46760 * CVE-2024-46761 * CVE-2024-46767 * CVE-2024-46771 * CVE-2024-46772 * CVE-2024-46773 * CVE-2024-46774 * CVE-2024-46776 * CVE-2024-46778 * 
CVE-2024-46780 * CVE-2024-46781 * CVE-2024-46783 * CVE-2024-46784 * CVE-2024-46786 * CVE-2024-46787 * CVE-2024-46791 * CVE-2024-46794 * CVE-2024-46797 * CVE-2024-46798 * CVE-2024-46822 CVSS scores: * CVE-2023-52610 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36953 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40965 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-42243 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42243 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42243 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42252 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42252 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42252 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-42294 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42294 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43832 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43845 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43904 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43904 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44960 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-44960 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N * CVE-2024-44960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44961 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-44961 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44961 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44962 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-44962 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44962 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44984 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-44985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44985 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( NVD ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44997 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45002 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45002 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45005 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45012 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45012 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45017 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45019 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45023 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45023 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45030 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46672 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46672 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46687 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46687 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46691 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46693 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46706 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46709 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46709 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46710 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46716 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-46717 ( SUSE ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46719 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46729 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46734 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46734 ( SUSE 
): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46735 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46735 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46735 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46741 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-46741 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46741 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46749 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46749 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46749 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46751 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46757 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46757 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46757 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46760 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46760 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-46797 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46797 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46798 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Real Time Module 15-SP6

An update that solves 162 vulnerabilities, contains two features and has 48 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
* CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
* CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
* CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
* CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
* CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001).
* CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371).
* CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
* CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
* CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
* CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
* CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435).
* CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518).
* CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
* CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
* CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
* CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
* CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).

The following non-security bugs were fixed:

* ABI: testing: fix admv8818 attr description (git-fixes).
* ACPI: CPPC: Add helper to get the highest performance value (stable-fixes).
* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes).
* ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes).
* ALSA: control: Apply sanity check of input values for user elements (stable-fixes).
* ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
* ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes).
* ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes).
* ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
* ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes).
* ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes).
* ALSA: hda: cs35l41: fix module autoloading (git-fixes).
* ARM: 9406/1: Fix callchain_trace() return value (git-fixes).
* ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes).
* ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes).
* ASoC: cs42l42: Convert comma to semicolon (git-fixes).
* ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
* ASoC: intel: fix module autoloading (stable-fixes).
* ASoC: meson: Remove unused declartion in header file (git-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: soc-ac97: Fix the incorrect description (git-fixes).
* ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
* ASoC: tas2781-i2c: Get the right GPIO line (git-fixes).
* ASoC: tda7419: fix module autoloading (stable-fixes).
* ASoC: tegra: Fix CBB error during probe() (git-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
* ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes).
* Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
* Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes).
* Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962).
* Documentation: ioctl: document 0x07 ioctl code (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* HID: multitouch: Add support for GT7868Q (stable-fixes).
* HID: wacom: Do not warn about dropped packets for first packet (git-fixes).
* HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* Input: adp5588-keys - fix check on return code (git-fixes).
* Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
* Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
* Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes).
* Input: tsc2004/5 - fix reset handling on probe (git-fixes).
* Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes).
* KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
* KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
* KVM: arm64: Block unsafe FF-A calls from the host (git-fixes).
* KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes).
* KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes).
* KVM: arm64: Do not re-initialize the KVM lock (git-fixes).
* KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
* KVM: arm64: Make ICC_ _SGI_ _EL1 undef in the absence of a vGICv3 (git-fixes).
* KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
* KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes).
* KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
* KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes).
* Merge branch 'SLE15-SP6' (ea7c56db3e5d) into 'SLE15-SP6-RT'
* NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
* NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
* NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* No -rt specific changes this merge.
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes).
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes).
* PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
* RDMA/erdma: Return QP state in erdma_query_qp (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes)
* RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes)
* RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes)
* RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes)
* RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes)
* RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes)
* RDMA/mlx5: Obtain upper net device only when needed (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
* Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (git-fixes).
* Revert "PCI: Extend ACS configurability (bsc#1228090)." (bsc#1229019)
* Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" (stable-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
* Revert "mm/sparsemem: fix race in accessing memory_section->usage"
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
* Squashfs: sanity check symbolic link size (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (stable-fixes).
* USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
* afs: Do not cross .backup mountpoint from backup volume (git-fixes).
* afs: Revert "afs: Hide silly-rename files from userspace" (git-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes).
* arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes).
* arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes).
* arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
* arm64: signal: Fix some under-bracketed UAPI macros (git-fixes).
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes).
* ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes).
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* bpf, events: Use prog to emit ksymbol event for main program (git-fixes).
* bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes).
* btrfs: fix race between direct IO write and fsync when using same fd (git-fixes).
* btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854).
* bus: integrator-lm: fix OF node leak in probe() (git-fixes).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008).
* cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: bcm: Remove proc entry when dev is unregistered (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes).
* can: m_can: Release irq on error in m_can_open (git-fixes).
* can: m_can: enable NAPI before enabling interrupts (git-fixes).
* can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes).
* can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
* can: mcp251xfd: clarify the meaning of timestamp (stable-fixes).
* can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes).
* can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes).
* can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes).
* can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes).
* can: mcp251xfd: properly indent labels (stable-fixes).
* can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
* can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182).
* clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
* clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
* clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
* clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
* clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes).
* clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes).
* clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes).
* clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes).
* clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes).
* clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes).
* clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes).
* clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes).
* cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes).
* cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes).
* cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes).
* crypto: iaa - Fix potential use after free bug (git-fixes).
* crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* cxl/core: Fix incorrect vendor debug UUID define (git-fixes).
* cxl/pci: Fix to record only non-zero ranges (git-fixes).
* devres: Initialize an uninitialized struct member (stable-fixes).
* dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes).
* dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes).
* dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes).
* dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes).
* driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes).
* driver core: Fix error handling in driver API device_rename() (git-fixes).
* driver: iio: add missing checks on iio_info's callback access (stable-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
* drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes).
* drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes).
* drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
* drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes).
* drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes).
* drm/amd/display: Check BIOS images before it is used (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check gpio_id before used as array index (stable-fixes).
* drm/amd/display: Check index for aux_rd_interval before using (stable-fixes).
* drm/amd/display: Check msg_id before processing transcation (stable-fixes).
* drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
* drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
* drm/amd/display: Defer handling mst up request in resume (stable-fixes).
* drm/amd/display: Disable error correction if it's not supported (stable-fixes).
* drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes).
* drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes).
* drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes).
* drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes).
* drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes).
* drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes).
* drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes).
* drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes).
* drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes).
* drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes).
* drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes).
* drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
* drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
* drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes).
* drm/amd/display: Spinlock before reading event (stable-fixes).
* drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
* drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes).
* drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
* drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes).
* drm/amd/display: use preferred link settings for dp signal only (stable-fixes).
* drm/amd/pm: Fix negative array index read (stable-fixes).
* drm/amd/pm: check negtive return for table entries (stable-fixes).
* drm/amd/pm: check specific index for aldebaran (stable-fixes).
* drm/amd/pm: check specific index for smu13 (stable-fixes).
* drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
* drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
* drm/amd: Add gfx12 swizzle mode defs (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes).
* drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
* drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
* drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes).
* drm/amdgpu: Fix get each xcp macro (git-fixes).
* drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
* drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
* drm/amdgpu: Fix smatch static checker warning (stable-fixes).
* drm/amdgpu: Fix the uninitialized variable warning (stable-fixes).
* drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes).
* drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes).
* drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
* drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes).
* drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes).
* drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes).
* drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes).
* drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes).
* drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
* drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
* drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
* drm/amdgpu: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes).
* drm/amdgpu: fix dereference after null check (stable-fixes).
* drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
* drm/amdgpu: fix overflowed array index read warning (stable-fixes).
* drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes).
* drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
* drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
* drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
* drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes).
* drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
* drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes).
* drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
* drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
* drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes).
* drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes).
* drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
* drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
* drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
* drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes).
* drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes).
* drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes).
* drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
* drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
* drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
* drm/i915: Do not attempt to load the GSC multiple times (git-fixes).
* drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes).
* drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes).
* drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes).
* drm/meson: plane: Add error handling (stable-fixes).
* drm/msm/a5xx: disable preemption in submits by default (git-fixes).
* drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
* drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
* drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
* drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
* drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes).
* drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
* drm/msm: fix %s null argument error (git-fixes).
* drm/nouveau/fb: restore init() for ramgp102 (git-fixes).
* drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
* drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
* drm/radeon: properly handle vbios fake edid sizing (git-fixes).
* drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
* drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
* drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes).
* drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes).
* drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes).
* drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
* drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes).
* drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes).
* drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
* drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
* ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes).
* erofs: fix incorrect symlink detection in fast symlink (git-fixes).
* exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
* fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
* firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes).
* firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
* firmware_loader: Block path traversal (git-fixes).
* fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602).
* fuse: fix memory leak in fuse_create_open (bsc#1230124).
* fuse: update stats for pages in dropped aux writeback list (bsc#1230125).
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123).
* gpio: modepin: Enable module autoloading (git-fixes).
* gpio: rockchip: fix OF node leak in probe() (git-fixes).
* hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes).
* hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes).
* hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
* hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
* hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes).
* hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
* hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
* hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
* hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
* i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
* i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes).
* i2c: isch: Add missed 'else' (git-fixes).
* i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
* i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes).
* i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
* iio: adc: ad7124: fix chip ID mismatch (git-fixes).
* iio: adc: ad7124: fix config comparison (git-fixes).
* iio: adc: ad7606: fix oversampling gpio array (git-fixes).
* iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
* iio: adc: ad7606: remove frstdata check for serial mode (git-fixes).
* iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
* iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
* iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
* iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206)
* jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
* kABI workaround for cros_ec stuff (git-fixes).
* kABI: Split kABI out of 'io_uring/kbuf: get rid of bl->is_ready'
* kABI: Split kABI out of 'io_uring: Re-add dummy_ubuf for kABI purposes'
* kABI: Split kABI out of io_uring/kbuf: protect io_buffer_list teardown with a reference
* kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
* kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes).
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* leds: spi-byte: Call of_node_put() on error path (stable-fixes).
* lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes).
* lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
* mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
* mailbox: rockchip: fix a typo in module autoloading (git-fixes).
* media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes).
* media: ov5675: Fix power on/off delay timings (git-fixes).
* media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes).
* media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
* media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes).
* media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
* media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
* media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
* media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
* media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
* media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
* media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
* memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes).
* memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes).
* minmax: reduce min/max macro expansion in atomisp driver (git-fixes).
* misc: fastrpc: Fix double free of 'buf' in error path (git-fixes).
* mmc: core: apply SD quirks earlier during probe (git-fixes).
* mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
* mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
* mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
* module: Fix KCOV-ignored file name (git-fixes).
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
* mtd: slram: insert break after errors in parsing the map (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: phy: Fix missing of_node_put() for leds (git-fixes).
* net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes).
* net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
* net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes).
* nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
* nilfs2: determine empty node blocks as corrupted (git-fixes).
* nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
* nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
* nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
* nilfs2: fix state management in error path of log writing function (git-fixes).
* nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
* nouveau: fix the fwsec sb verification register (git-fixes).
* nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244).
* nvme-multipath: system fails to create generic nvme device (bsc#1228244).
* nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
* nvme-pci: allocate tagset on reset if necessary (git-fixes).
* nvme-tcp: fix link failure for TCP auth (git-fixes).
* nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
* nvme: clear caller pointer on identify failure (git-fixes).
* nvme: fix namespace removal list (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
* nvmet-tcp: do not continue for invalid icreq (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet-trace: avoid dereferencing pointer too early (git-fixes).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
* pcmcia: Use resource_size function on resource object (stable-fixes).
* perf annotate: Introduce global annotation_options (git-fixes).
* perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes).
* perf annotate: Use global annotation_options (git-fixes).
* perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes).
* perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes).
* perf intel-pt: Fix exclude_guest setting (git-fixes).
* perf machine thread: Remove exited threads by default (git-fixes).
* perf maps: Move symbol maps functions to maps.c (git-fixes).
* perf pmu: Assume sysfs events are always the same case (git-fixes).
* perf pmus: Fixes always false when compare duplicates aliases (git-fixes).
* perf record: Lazy load kernel symbols (git-fixes).
* perf report: Convert to the global annotation_options (git-fixes).
* perf report: Fix condition in sort__sym_cmp() (git-fixes).
* perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes).
* perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes).
* perf tool: fix dereferencing NULL al->maps (git-fixes).
* perf tools: Add/use PMU reverse lookup from config to name (git-fixes).
* perf tools: Use pmus to describe type from attribute (git-fixes).
* perf top: Convert to the global annotation_options (git-fixes).
* perf/core: Fix missing wakeup when waiting for context reference (git-fixes).
* perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes).
* perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes).
* perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes).
* perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes).
* perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes).
* perf/x86/intel/pt: Fix topa_entry base length (git-fixes).
* perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes).
* perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119).
* perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes).
* perf/x86/intel: Factor out the initialization code for SPR (git fixes).
* perf/x86/intel: Limit the period on Haswell (git-fixes).
* perf/x86/intel: Use the common uarch name for the shared functions (git fixes).
* perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119).
* perf/x86/uncore: Cleanup unused unit structure (bsc#1230119).
* perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119).
* perf/x86/uncore: Save the unit control address of all units (bsc#1230119).
* perf/x86/uncore: Support per PMU cpumask (bsc#1230119).
* perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes).
* perf/x86: Serialize set_attr_rdpmc() (git-fixes).
* perf: Fix default aux_watermark calculation (git-fixes).
* perf: Fix event leak upon exit (git-fixes).
* perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes).
* perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes).
* perf: script: add raw|disasm arguments to --insn-trace option (git-fixes).
* phy: zynqmp: Take the phy mutex in xlate (stable-fixes).
* pinctrl: at91: make it work with current gpiolib (stable-fixes).
* pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes).
* pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
* platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes).
* platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes).
* platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
* platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
* platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
* platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
* platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
* power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
* power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
* power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
* powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes).
* powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656).
* pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes).
* r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
* regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes).
* regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes).
* regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes).
* regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes).
* regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes).
* regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes).
* regulator: rt5120: Convert comma to semicolon (git-fixes).
* regulator: wm831x-isink: Convert comma to semicolon (git-fixes).
* remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes).
* remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes).
* remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes).
* reset: berlin: fix OF node leak in probe() error path (git-fixes).
* reset: k210: fix OF node leak in probe() error path (git-fixes).
* resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes).
* rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
* rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
* s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694).
* s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes).
* s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562).
* s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563).
* s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564).
* scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes).
* scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes).
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899).
* scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
* selftests: lib: remove strscpy test (git-fixes).
* selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes).
* soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes).
* soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes).
* spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes).
* spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: bcm63xx: Enable module autoloading (stable-fixes).
* spi: bcm63xx: Fix module autoloading (git-fixes).
* spi: meson-spicc: convert comma to semicolon (git-fixes).
* spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
* spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
* spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
* spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes).
* spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
* spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes).
* spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
* staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
* supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035)
* thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes).
* thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes).
* thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes).
* thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes).
* tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
* tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load (git-fixes).
* tpm: Clean up TPM space after command failure (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usb: cdnsp: Fix incorrect usb_request status (git-fixes).
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
* usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
* usb: dwc3: Avoid waking up gadget during startxfer (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
* usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes).
* usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
* usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes).
* usb: uas: set host status byte on data completion error (stable-fixes).
* usbip: Do not submit special requests twice (stable-fixes).
* usbnet: ipheth: add CDC NCM support (git-fixes).
* usbnet: ipheth: do not stop RX on failing RX callback (git-fixes).
* usbnet: ipheth: drop RX URBs with no payload (git-fixes).
* usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes).
* usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes).
* usbnet: ipheth: race between ipheth_close and error handling (stable-fixes).
* usbnet: ipheth: remove extraneous rx URB length check (git-fixes).
* usbnet: ipheth: transmit URBs without trailing padding (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).
* virtio-net: synchronize probe with ndo_set_features (git-fixes).
* virtio_net: Fix napi_skb_cache_put warning (git-fixes).
* virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
* watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
* wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes).
* wifi: ath12k: fix BSS chan info request WMI command (git-fixes).
* wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes).
* wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes).
* wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes).
* wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes).
* wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes).
* wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes).
* wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
* wifi: brcmfmac: introducing fwil query functions (git-fixes).
* wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
* wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
* wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes).
* wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
* wifi: cfg80211: make hash table duplicates more survivable (stable-fixes).
* wifi: cfg80211: restrict operation during radar detection (stable-fixes).
* wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
* wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
* wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
* wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
* wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes).
* wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes).
* wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes).
* wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes).
* wifi: mac80211: fix the comeback long retry times (git-fixes).
* wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes).
* wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
* wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes).
* wifi: mt76: mt7603: fix mixed declarations and code (git-fixes).
* wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes).
* wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
* wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes).
* wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes).
* wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes).
* wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes).
* wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes).
* wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes).
* wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes).
* wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes).
* wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes).
* wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes).
* wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
* wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
* wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
* wifi: rtw88: remove CPT execution branch never used (git-fixes).
* wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes).
* wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes).
* wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes).
* wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
* x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
* x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443).
* x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
* x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
* x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527).
* x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527).
* x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527).
* x86/pat: Restructure _lookup_address_cpa() (bsc#1221527).
* xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
* xen/swiotlb: fix allocated size (git-fixes).
* xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
* xen: allow mapping ACPI data using a different physical address (bsc#1226003).
* xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
* xen: move checks for e820 conflicts further up (bsc#1226003).
* xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
* xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-3564=1`
* SUSE Linux Enterprise Live Patching 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3564=1`
* SUSE Real Time Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-RT-15-SP6-2024-3564=1`

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * ocfs2-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * ocfs2-kmp-rt-6.4.0-150600.10.14.1
  * gfs2-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * reiserfs-kmp-rt-6.4.0-150600.10.14.1
  * kernel-rt_debug-vdso-debuginfo-6.4.0-150600.10.14.1
  * kernel-syms-rt-6.4.0-150600.10.14.1
  * reiserfs-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-optional-6.4.0-150600.10.14.1
  * kernel-rt-optional-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-extra-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt_debug-devel-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-devel-debuginfo-6.4.0-150600.10.14.1
  * dlm-kmp-rt-6.4.0-150600.10.14.1
  * dlm-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * kselftests-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-devel-6.4.0-150600.10.14.1
  * kernel-rt_debug-livepatch-devel-6.4.0-150600.10.14.1
  * kernel-rt-extra-6.4.0-150600.10.14.1
  * kernel-rt-vdso-6.4.0-150600.10.14.1
  * kernel-rt-livepatch-devel-6.4.0-150600.10.14.1
  * gfs2-kmp-rt-6.4.0-150600.10.14.1
  * kernel-rt-vdso-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt_debug-debugsource-6.4.0-150600.10.14.1
  * cluster-md-kmp-rt-6.4.0-150600.10.14.1
  * cluster-md-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * kselftests-kmp-rt-6.4.0-150600.10.14.1
  * kernel-rt-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-debugsource-6.4.0-150600.10.14.1
  * kernel-rt_debug-vdso-6.4.0-150600.10.14.1
  * kernel-rt_debug-devel-6.4.0-150600.10.14.1
  * kernel-rt_debug-debuginfo-6.4.0-150600.10.14.1
* openSUSE Leap 15.6 (noarch)
  * kernel-devel-rt-6.4.0-150600.10.14.1
  * kernel-source-rt-6.4.0-150600.10.14.1
* openSUSE Leap 15.6 (nosrc x86_64)
  * kernel-rt_debug-6.4.0-150600.10.14.1
  * kernel-rt-6.4.0-150600.10.14.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_10_14-rt-debuginfo-1-150600.1.3.1
  * kernel-livepatch-6_4_0-150600_10_14-rt-1-150600.1.3.1
  * kernel-livepatch-SLE15-SP6-RT_Update_4-debugsource-1-150600.1.3.1
* SUSE Real Time Module 15-SP6 (x86_64)
  * dlm-kmp-rt-6.4.0-150600.10.14.1
  * cluster-md-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * ocfs2-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * ocfs2-kmp-rt-6.4.0-150600.10.14.1
  * gfs2-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * gfs2-kmp-rt-6.4.0-150600.10.14.1
  * dlm-kmp-rt-debuginfo-6.4.0-150600.10.14.1
  * kernel-syms-rt-6.4.0-150600.10.14.1
  * kernel-rt-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-debugsource-6.4.0-150600.10.14.1
  * kernel-rt-devel-6.4.0-150600.10.14.1
  * kernel-rt_debug-debugsource-6.4.0-150600.10.14.1
  * cluster-md-kmp-rt-6.4.0-150600.10.14.1
  * kernel-rt_debug-devel-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt_debug-devel-6.4.0-150600.10.14.1
  * kernel-rt_debug-debuginfo-6.4.0-150600.10.14.1
  * kernel-rt-devel-debuginfo-6.4.0-150600.10.14.1
* SUSE Real Time Module 15-SP6 (noarch)
  * kernel-devel-rt-6.4.0-150600.10.14.1
  * kernel-source-rt-6.4.0-150600.10.14.1
* SUSE Real Time Module 15-SP6 (nosrc x86_64)
  * kernel-rt_debug-6.4.0-150600.10.14.1
  * kernel-rt-6.4.0-150600.10.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52610.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52915.html
* https://www.suse.com/security/cve/CVE-2023-52916.html
* https://www.suse.com/security/cve/CVE-2024-26640.html
* https://www.suse.com/security/cve/CVE-2024-26759.html
* https://www.suse.com/security/cve/CVE-2024-26804.html
* https://www.suse.com/security/cve/CVE-2024-36953.html
* https://www.suse.com/security/cve/CVE-2024-38538.html
* https://www.suse.com/security/cve/CVE-2024-38596.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-40965.html
* https://www.suse.com/security/cve/CVE-2024-40973.html
* https://www.suse.com/security/cve/CVE-2024-40983.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42243.html
* https://www.suse.com/security/cve/CVE-2024-42252.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-42294.html
* https://www.suse.com/security/cve/CVE-2024-42304.html
* https://www.suse.com/security/cve/CVE-2024-42305.html
* https://www.suse.com/security/cve/CVE-2024-42306.html
* https://www.suse.com/security/cve/CVE-2024-43828.html
* https://www.suse.com/security/cve/CVE-2024-43832.html
* https://www.suse.com/security/cve/CVE-2024-43835.html
* https://www.suse.com/security/cve/CVE-2024-43845.html
* https://www.suse.com/security/cve/CVE-2024-43870.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43898.html
* https://www.suse.com/security/cve/CVE-2024-43904.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44935.html
* https://www.suse.com/security/cve/CVE-2024-44944.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44947.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44950.html
* https://www.suse.com/security/cve/CVE-2024-44951.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44960.html
* https://www.suse.com/security/cve/CVE-2024-44961.html
* https://www.suse.com/security/cve/CVE-2024-44962.html
* https://www.suse.com/security/cve/CVE-2024-44965.html
* https://www.suse.com/security/cve/CVE-2024-44967.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44970.html
* https://www.suse.com/security/cve/CVE-2024-44971.html
* https://www.suse.com/security/cve/CVE-2024-44977.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44984.html
* https://www.suse.com/security/cve/CVE-2024-44985.html
* https://www.suse.com/security/cve/CVE-2024-44986.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44988.html
* https://www.suse.com/security/cve/CVE-2024-44989.html
* https://www.suse.com/security/cve/CVE-2024-44990.html
* https://www.suse.com/security/cve/CVE-2024-44991.html
* https://www.suse.com/security/cve/CVE-2024-44997.html
* https://www.suse.com/security/cve/CVE-2024-44998.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45000.html
* https://www.suse.com/security/cve/CVE-2024-45001.html
* https://www.suse.com/security/cve/CVE-2024-45002.html
* https://www.suse.com/security/cve/CVE-2024-45003.html
* https://www.suse.com/security/cve/CVE-2024-45005.html
* https://www.suse.com/security/cve/CVE-2024-45006.html
* https://www.suse.com/security/cve/CVE-2024-45007.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-45011.html
* https://www.suse.com/security/cve/CVE-2024-45012.html
* https://www.suse.com/security/cve/CVE-2024-45013.html
* https://www.suse.com/security/cve/CVE-2024-45015.html
* https://www.suse.com/security/cve/CVE-2024-45017.html
* https://www.suse.com/security/cve/CVE-2024-45018.html
* https://www.suse.com/security/cve/CVE-2024-45019.html
* https://www.suse.com/security/cve/CVE-2024-45020.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-45022.html
* https://www.suse.com/security/cve/CVE-2024-45023.html
* https://www.suse.com/security/cve/CVE-2024-45026.html
* https://www.suse.com/security/cve/CVE-2024-45028.html
* https://www.suse.com/security/cve/CVE-2024-45029.html
* https://www.suse.com/security/cve/CVE-2024-45030.html
* https://www.suse.com/security/cve/CVE-2024-46672.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46674.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46687.html
* https://www.suse.com/security/cve/CVE-2024-46689.html
* https://www.suse.com/security/cve/CVE-2024-46691.html
* https://www.suse.com/security/cve/CVE-2024-46692.html
* https://www.suse.com/security/cve/CVE-2024-46693.html
* https://www.suse.com/security/cve/CVE-2024-46694.html
* https://www.suse.com/security/cve/CVE-2024-46695.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46706.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46709.html
* https://www.suse.com/security/cve/CVE-2024-46710.html
* https://www.suse.com/security/cve/CVE-2024-46714.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46716.html
* 
https://www.suse.com/security/cve/CVE-2024-46717.html * https://www.suse.com/security/cve/CVE-2024-46719.html * https://www.suse.com/security/cve/CVE-2024-46720.html * https://www.suse.com/security/cve/CVE-2024-46722.html * https://www.suse.com/security/cve/CVE-2024-46723.html * https://www.suse.com/security/cve/CVE-2024-46724.html * https://www.suse.com/security/cve/CVE-2024-46725.html * https://www.suse.com/security/cve/CVE-2024-46726.html * https://www.suse.com/security/cve/CVE-2024-46728.html * https://www.suse.com/security/cve/CVE-2024-46729.html * https://www.suse.com/security/cve/CVE-2024-46730.html * https://www.suse.com/security/cve/CVE-2024-46731.html * https://www.suse.com/security/cve/CVE-2024-46732.html * https://www.suse.com/security/cve/CVE-2024-46734.html * https://www.suse.com/security/cve/CVE-2024-46735.html * https://www.suse.com/security/cve/CVE-2024-46737.html * https://www.suse.com/security/cve/CVE-2024-46738.html * https://www.suse.com/security/cve/CVE-2024-46739.html * https://www.suse.com/security/cve/CVE-2024-46741.html * https://www.suse.com/security/cve/CVE-2024-46743.html * https://www.suse.com/security/cve/CVE-2024-46744.html * https://www.suse.com/security/cve/CVE-2024-46745.html * https://www.suse.com/security/cve/CVE-2024-46746.html * https://www.suse.com/security/cve/CVE-2024-46747.html * https://www.suse.com/security/cve/CVE-2024-46749.html * https://www.suse.com/security/cve/CVE-2024-46750.html * https://www.suse.com/security/cve/CVE-2024-46751.html * https://www.suse.com/security/cve/CVE-2024-46752.html * https://www.suse.com/security/cve/CVE-2024-46753.html * https://www.suse.com/security/cve/CVE-2024-46755.html * https://www.suse.com/security/cve/CVE-2024-46756.html * https://www.suse.com/security/cve/CVE-2024-46757.html * https://www.suse.com/security/cve/CVE-2024-46758.html * https://www.suse.com/security/cve/CVE-2024-46759.html * https://www.suse.com/security/cve/CVE-2024-46760.html * 
https://www.suse.com/security/cve/CVE-2024-46761.html * https://www.suse.com/security/cve/CVE-2024-46767.html * https://www.suse.com/security/cve/CVE-2024-46771.html * https://www.suse.com/security/cve/CVE-2024-46772.html * https://www.suse.com/security/cve/CVE-2024-46773.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://www.suse.com/security/cve/CVE-2024-46776.html * https://www.suse.com/security/cve/CVE-2024-46778.html * https://www.suse.com/security/cve/CVE-2024-46780.html * https://www.suse.com/security/cve/CVE-2024-46781.html * https://www.suse.com/security/cve/CVE-2024-46783.html * https://www.suse.com/security/cve/CVE-2024-46784.html * https://www.suse.com/security/cve/CVE-2024-46786.html * https://www.suse.com/security/cve/CVE-2024-46787.html * https://www.suse.com/security/cve/CVE-2024-46791.html * https://www.suse.com/security/cve/CVE-2024-46794.html * https://www.suse.com/security/cve/CVE-2024-46797.html * https://www.suse.com/security/cve/CVE-2024-46798.html * https://www.suse.com/security/cve/CVE-2024-46822.html * https://bugzilla.suse.com/show_bug.cgi?id=1012628 * https://bugzilla.suse.com/show_bug.cgi?id=1183045 * https://bugzilla.suse.com/show_bug.cgi?id=1215199 * https://bugzilla.suse.com/show_bug.cgi?id=1216223 * https://bugzilla.suse.com/show_bug.cgi?id=1216776 * https://bugzilla.suse.com/show_bug.cgi?id=1220382 * https://bugzilla.suse.com/show_bug.cgi?id=1221527 * https://bugzilla.suse.com/show_bug.cgi?id=1221610 * https://bugzilla.suse.com/show_bug.cgi?id=1221650 * https://bugzilla.suse.com/show_bug.cgi?id=1222629 * https://bugzilla.suse.com/show_bug.cgi?id=1223600 * https://bugzilla.suse.com/show_bug.cgi?id=1223848 * https://bugzilla.suse.com/show_bug.cgi?id=1225487 * https://bugzilla.suse.com/show_bug.cgi?id=1225812 * https://bugzilla.suse.com/show_bug.cgi?id=1225903 * https://bugzilla.suse.com/show_bug.cgi?id=1226003 * https://bugzilla.suse.com/show_bug.cgi?id=1226507 * https://bugzilla.suse.com/show_bug.cgi?id=1226606 * 
https://bugzilla.suse.com/show_bug.cgi?id=1226666 * https://bugzilla.suse.com/show_bug.cgi?id=1226846 * https://bugzilla.suse.com/show_bug.cgi?id=1226860 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1227694 * https://bugzilla.suse.com/show_bug.cgi?id=1227726 * https://bugzilla.suse.com/show_bug.cgi?id=1227819 * https://bugzilla.suse.com/show_bug.cgi?id=1227885 * https://bugzilla.suse.com/show_bug.cgi?id=1227890 * https://bugzilla.suse.com/show_bug.cgi?id=1227962 * https://bugzilla.suse.com/show_bug.cgi?id=1228090 * https://bugzilla.suse.com/show_bug.cgi?id=1228140 * https://bugzilla.suse.com/show_bug.cgi?id=1228244 * https://bugzilla.suse.com/show_bug.cgi?id=1228507 * https://bugzilla.suse.com/show_bug.cgi?id=1228771 * https://bugzilla.suse.com/show_bug.cgi?id=1229001 * https://bugzilla.suse.com/show_bug.cgi?id=1229004 * https://bugzilla.suse.com/show_bug.cgi?id=1229019 * https://bugzilla.suse.com/show_bug.cgi?id=1229086 * https://bugzilla.suse.com/show_bug.cgi?id=1229167 * https://bugzilla.suse.com/show_bug.cgi?id=1229169 * https://bugzilla.suse.com/show_bug.cgi?id=1229289 * https://bugzilla.suse.com/show_bug.cgi?id=1229334 * https://bugzilla.suse.com/show_bug.cgi?id=1229362 * https://bugzilla.suse.com/show_bug.cgi?id=1229363 * https://bugzilla.suse.com/show_bug.cgi?id=1229364 * https://bugzilla.suse.com/show_bug.cgi?id=1229371 * https://bugzilla.suse.com/show_bug.cgi?id=1229380 * https://bugzilla.suse.com/show_bug.cgi?id=1229389 * https://bugzilla.suse.com/show_bug.cgi?id=1229394 * https://bugzilla.suse.com/show_bug.cgi?id=1229429 * https://bugzilla.suse.com/show_bug.cgi?id=1229443 * https://bugzilla.suse.com/show_bug.cgi?id=1229452 * https://bugzilla.suse.com/show_bug.cgi?id=1229455 * https://bugzilla.suse.com/show_bug.cgi?id=1229456 * https://bugzilla.suse.com/show_bug.cgi?id=1229494 * https://bugzilla.suse.com/show_bug.cgi?id=1229585 * https://bugzilla.suse.com/show_bug.cgi?id=1229753 * 
https://bugzilla.suse.com/show_bug.cgi?id=1229764 * https://bugzilla.suse.com/show_bug.cgi?id=1229768 * https://bugzilla.suse.com/show_bug.cgi?id=1229790 * https://bugzilla.suse.com/show_bug.cgi?id=1229810 * https://bugzilla.suse.com/show_bug.cgi?id=1229899 * https://bugzilla.suse.com/show_bug.cgi?id=1229928 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230119 * https://bugzilla.suse.com/show_bug.cgi?id=1230123 * https://bugzilla.suse.com/show_bug.cgi?id=1230124 * https://bugzilla.suse.com/show_bug.cgi?id=1230125 * https://bugzilla.suse.com/show_bug.cgi?id=1230169 * https://bugzilla.suse.com/show_bug.cgi?id=1230170 * https://bugzilla.suse.com/show_bug.cgi?id=1230171 * https://bugzilla.suse.com/show_bug.cgi?id=1230173 * https://bugzilla.suse.com/show_bug.cgi?id=1230174 * https://bugzilla.suse.com/show_bug.cgi?id=1230175 * https://bugzilla.suse.com/show_bug.cgi?id=1230176 * https://bugzilla.suse.com/show_bug.cgi?id=1230178 * https://bugzilla.suse.com/show_bug.cgi?id=1230180 * https://bugzilla.suse.com/show_bug.cgi?id=1230181 * https://bugzilla.suse.com/show_bug.cgi?id=1230185 * https://bugzilla.suse.com/show_bug.cgi?id=1230191 * https://bugzilla.suse.com/show_bug.cgi?id=1230192 * https://bugzilla.suse.com/show_bug.cgi?id=1230193 * https://bugzilla.suse.com/show_bug.cgi?id=1230194 * https://bugzilla.suse.com/show_bug.cgi?id=1230195 * https://bugzilla.suse.com/show_bug.cgi?id=1230200 * https://bugzilla.suse.com/show_bug.cgi?id=1230204 * https://bugzilla.suse.com/show_bug.cgi?id=1230206 * https://bugzilla.suse.com/show_bug.cgi?id=1230207 * https://bugzilla.suse.com/show_bug.cgi?id=1230209 * https://bugzilla.suse.com/show_bug.cgi?id=1230211 * https://bugzilla.suse.com/show_bug.cgi?id=1230213 * https://bugzilla.suse.com/show_bug.cgi?id=1230217 * https://bugzilla.suse.com/show_bug.cgi?id=1230221 * https://bugzilla.suse.com/show_bug.cgi?id=1230224 * https://bugzilla.suse.com/show_bug.cgi?id=1230230 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230232 * https://bugzilla.suse.com/show_bug.cgi?id=1230233 * https://bugzilla.suse.com/show_bug.cgi?id=1230240 * https://bugzilla.suse.com/show_bug.cgi?id=1230244 * https://bugzilla.suse.com/show_bug.cgi?id=1230245 * https://bugzilla.suse.com/show_bug.cgi?id=1230247 * https://bugzilla.suse.com/show_bug.cgi?id=1230248 * https://bugzilla.suse.com/show_bug.cgi?id=1230269 * https://bugzilla.suse.com/show_bug.cgi?id=1230270 * https://bugzilla.suse.com/show_bug.cgi?id=1230295 * https://bugzilla.suse.com/show_bug.cgi?id=1230340 * https://bugzilla.suse.com/show_bug.cgi?id=1230426 * https://bugzilla.suse.com/show_bug.cgi?id=1230430 * https://bugzilla.suse.com/show_bug.cgi?id=1230431 * https://bugzilla.suse.com/show_bug.cgi?id=1230432 * https://bugzilla.suse.com/show_bug.cgi?id=1230433 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230435 * https://bugzilla.suse.com/show_bug.cgi?id=1230440 * https://bugzilla.suse.com/show_bug.cgi?id=1230441 * https://bugzilla.suse.com/show_bug.cgi?id=1230442 * https://bugzilla.suse.com/show_bug.cgi?id=1230444 * https://bugzilla.suse.com/show_bug.cgi?id=1230450 * https://bugzilla.suse.com/show_bug.cgi?id=1230451 * https://bugzilla.suse.com/show_bug.cgi?id=1230454 * https://bugzilla.suse.com/show_bug.cgi?id=1230455 * https://bugzilla.suse.com/show_bug.cgi?id=1230457 * https://bugzilla.suse.com/show_bug.cgi?id=1230459 * https://bugzilla.suse.com/show_bug.cgi?id=1230506 * https://bugzilla.suse.com/show_bug.cgi?id=1230507 * https://bugzilla.suse.com/show_bug.cgi?id=1230511 * https://bugzilla.suse.com/show_bug.cgi?id=1230515 * https://bugzilla.suse.com/show_bug.cgi?id=1230517 * https://bugzilla.suse.com/show_bug.cgi?id=1230518 * https://bugzilla.suse.com/show_bug.cgi?id=1230519 * https://bugzilla.suse.com/show_bug.cgi?id=1230520 * https://bugzilla.suse.com/show_bug.cgi?id=1230521 * https://bugzilla.suse.com/show_bug.cgi?id=1230524 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230526 * https://bugzilla.suse.com/show_bug.cgi?id=1230533 * https://bugzilla.suse.com/show_bug.cgi?id=1230535 * https://bugzilla.suse.com/show_bug.cgi?id=1230539 * https://bugzilla.suse.com/show_bug.cgi?id=1230540 * https://bugzilla.suse.com/show_bug.cgi?id=1230549 * https://bugzilla.suse.com/show_bug.cgi?id=1230556 * https://bugzilla.suse.com/show_bug.cgi?id=1230562 * https://bugzilla.suse.com/show_bug.cgi?id=1230563 * https://bugzilla.suse.com/show_bug.cgi?id=1230564 * https://bugzilla.suse.com/show_bug.cgi?id=1230580 * https://bugzilla.suse.com/show_bug.cgi?id=1230582 * https://bugzilla.suse.com/show_bug.cgi?id=1230589 * https://bugzilla.suse.com/show_bug.cgi?id=1230602 * https://bugzilla.suse.com/show_bug.cgi?id=1230699 * https://bugzilla.suse.com/show_bug.cgi?id=1230700 * https://bugzilla.suse.com/show_bug.cgi?id=1230701 * https://bugzilla.suse.com/show_bug.cgi?id=1230702 * https://bugzilla.suse.com/show_bug.cgi?id=1230703 * https://bugzilla.suse.com/show_bug.cgi?id=1230704 * https://bugzilla.suse.com/show_bug.cgi?id=1230705 * https://bugzilla.suse.com/show_bug.cgi?id=1230706 * https://bugzilla.suse.com/show_bug.cgi?id=1230709 * https://bugzilla.suse.com/show_bug.cgi?id=1230711 * https://bugzilla.suse.com/show_bug.cgi?id=1230712 * https://bugzilla.suse.com/show_bug.cgi?id=1230715 * https://bugzilla.suse.com/show_bug.cgi?id=1230719 * https://bugzilla.suse.com/show_bug.cgi?id=1230722 * https://bugzilla.suse.com/show_bug.cgi?id=1230724 * https://bugzilla.suse.com/show_bug.cgi?id=1230725 * https://bugzilla.suse.com/show_bug.cgi?id=1230726 * https://bugzilla.suse.com/show_bug.cgi?id=1230727 * https://bugzilla.suse.com/show_bug.cgi?id=1230730 * https://bugzilla.suse.com/show_bug.cgi?id=1230731 * https://bugzilla.suse.com/show_bug.cgi?id=1230732 * https://bugzilla.suse.com/show_bug.cgi?id=1230747 * https://bugzilla.suse.com/show_bug.cgi?id=1230748 * https://bugzilla.suse.com/show_bug.cgi?id=1230749 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230751 * https://bugzilla.suse.com/show_bug.cgi?id=1230752 * https://bugzilla.suse.com/show_bug.cgi?id=1230753 * https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230766 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230768 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * https://bugzilla.suse.com/show_bug.cgi?id=1230772 * https://bugzilla.suse.com/show_bug.cgi?id=1230775 * https://bugzilla.suse.com/show_bug.cgi?id=1230776 * https://bugzilla.suse.com/show_bug.cgi?id=1230780 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230786 * https://bugzilla.suse.com/show_bug.cgi?id=1230787 * https://bugzilla.suse.com/show_bug.cgi?id=1230791 * https://bugzilla.suse.com/show_bug.cgi?id=1230794 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230802 * https://bugzilla.suse.com/show_bug.cgi?id=1230806 * https://bugzilla.suse.com/show_bug.cgi?id=1230808 * https://bugzilla.suse.com/show_bug.cgi?id=1230809 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230812 * https://bugzilla.suse.com/show_bug.cgi?id=1230813 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230821 * https://bugzilla.suse.com/show_bug.cgi?id=1230825 * https://bugzilla.suse.com/show_bug.cgi?id=1230830 * https://bugzilla.suse.com/show_bug.cgi?id=1230831 * https://bugzilla.suse.com/show_bug.cgi?id=1230854 * https://bugzilla.suse.com/show_bug.cgi?id=1230948 * https://bugzilla.suse.com/show_bug.cgi?id=1231008 * https://bugzilla.suse.com/show_bug.cgi?id=1231035 * https://bugzilla.suse.com/show_bug.cgi?id=1231120 * https://bugzilla.suse.com/show_bug.cgi?id=1231146 * 
https://bugzilla.suse.com/show_bug.cgi?id=1231182
* https://bugzilla.suse.com/show_bug.cgi?id=1231183
* https://jira.suse.com/browse/PED-10954
* https://jira.suse.com/browse/PED-9899

From null at suse.de Wed Oct 9 12:34:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 12:34:20 -0000
Subject: SUSE-SU-2024:3559-1: important: Security update for the Linux Kernel
Message-ID: <172847726018.6932.5597224951915643555@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3559-1
Release Date: 2024-10-09T08:19:22Z
Rating: important

References:

* bsc#1054914
* bsc#1065729
* bsc#1207341
* bsc#1225316
* bsc#1226846
* bsc#1226860
* bsc#1226878
* bsc#1227487
* bsc#1227941
* bsc#1227952
* bsc#1227953
* bsc#1228000
* bsc#1228002
* bsc#1228068
* bsc#1228507
* bsc#1228615
* bsc#1228620
* bsc#1228635
* bsc#1229334
* bsc#1229362
* bsc#1229363
* bsc#1229456
* bsc#1229457
* bsc#1229633
* bsc#1229645
* bsc#1229739
* bsc#1229753
* bsc#1229764
* bsc#1229790
* bsc#1229830
* bsc#1230015
* bsc#1230151
* bsc#1230171
* bsc#1230174
* bsc#1230176
* bsc#1230178
* bsc#1230180
* bsc#1230185
* bsc#1230200
* bsc#1230204
* bsc#1230233
* bsc#1230248
* bsc#1230270
* bsc#1230398
* bsc#1230506
* bsc#1230515
* bsc#1230517
* bsc#1230533
* bsc#1230535
* bsc#1230549
* bsc#1230556
* bsc#1230582
* bsc#1230589
* bsc#1230700
* bsc#1230702
* bsc#1230709
* bsc#1230710
* bsc#1230712
* bsc#1230730
* bsc#1230731
* bsc#1230732
* bsc#1230747
* bsc#1230748
* bsc#1230756
* bsc#1230761
* bsc#1230763
* bsc#1230767
* bsc#1230771
* bsc#1230783
* bsc#1230796
* bsc#1230810
* bsc#1230814
* bsc#1230815
* bsc#1230826
* bsc#1231083
* bsc#1231084
* bsc#1231089
* bsc#1231120
* bsc#1231146
* bsc#1231184

Cross-References:

* CVE-2021-47387
* CVE-2022-48788
* CVE-2022-48789
* CVE-2022-48790
* CVE-2022-48791
* CVE-2022-48799
* CVE-2022-48844
* CVE-2022-48911
* CVE-2022-48943
* CVE-2022-48945
* 
CVE-2023-52915
* CVE-2024-38381
* CVE-2024-38596
* CVE-2024-38632
* CVE-2024-41073
* CVE-2024-41079
* CVE-2024-41082
* CVE-2024-42154
* CVE-2024-42265
* CVE-2024-42305
* CVE-2024-42306
* CVE-2024-43884
* CVE-2024-43890
* CVE-2024-43898
* CVE-2024-43912
* CVE-2024-43914
* CVE-2024-44946
* CVE-2024-44947
* CVE-2024-44948
* CVE-2024-44950
* CVE-2024-44952
* CVE-2024-44954
* CVE-2024-44969
* CVE-2024-44982
* CVE-2024-44987
* CVE-2024-44998
* CVE-2024-44999
* CVE-2024-45008
* CVE-2024-46673
* CVE-2024-46675
* CVE-2024-46676
* CVE-2024-46677
* CVE-2024-46679
* CVE-2024-46685
* CVE-2024-46686
* CVE-2024-46702
* CVE-2024-46707
* CVE-2024-46715
* CVE-2024-46721
* CVE-2024-46722
* CVE-2024-46723
* CVE-2024-46731
* CVE-2024-46737
* CVE-2024-46738
* CVE-2024-46739
* CVE-2024-46743
* CVE-2024-46744
* CVE-2024-46745
* CVE-2024-46750
* CVE-2024-46753
* CVE-2024-46759
* CVE-2024-46761
* CVE-2024-46770
* CVE-2024-46774
* CVE-2024-46783
* CVE-2024-46784
* CVE-2024-46787
* CVE-2024-46822
* CVE-2024-46853
* CVE-2024-46854
* CVE-2024-46859

CVSS scores:

* CVE-2021-47387 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48799 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48844 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48911 ( SUSE ): 7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48943 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38381 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-38381 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41073 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41079 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43884 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43884 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( SUSE
): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43912 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43912 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
* CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46707 ( SUSE ): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46721 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46721 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46744 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46770 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46853 ( NVD
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46854 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46854 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Availability Extension 12 SP5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 71 vulnerabilities and has nine security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
* CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
* CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
* CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
* CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
* CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
* CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
* CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
* CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). * CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635). * CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615). * CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). * CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). * CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). * CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). * CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). * CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) * CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). * CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). * CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) * CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). * CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). * CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174). * CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). * CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). * CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176). * CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200). * CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204). * CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). * CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). * CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). 
* CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). * CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). * CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533). * CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535). * CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). * CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). * CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) * CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). * CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) * CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). * CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). * CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710) * CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712). * CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702). * CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709). * CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731). * CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). * CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747). * CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748). * CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783). * CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). * CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
* CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761). * CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). * CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). * CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). * CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). * CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083). * CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). * CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089). The following non-security bugs were fixed: * ACPI / EC: Clean up EC GPE mask flag (git-fixes). * ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes). * ACPI: EC: Fix an EC event IRQ storming issue (git-fixes). * ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes). * ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes). * ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes). * ACPI: SPCR: work around clock issue on xgene UART (git-fixes). * ACPI: blacklist: fix clang warning for unused DMI table (git-fixes). * ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes). * Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). * Fix bsc#1054914 reference. * PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). * RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) * RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) * RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) * Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk" (git-fixes). * af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). * af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
* af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). * autofs4: use wait_event_killable (bsc#1207341). * ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184). * fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151). * kabi fix for proc/mounts: add cursor (bsc#1207341). * kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities. * kthread: Fix task state in kthread worker if being frozen (bsc#1231146). * media: vivid: avoid integer overflow (git-fixes). * media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). * media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). * media: vivid: s_fbuf: add more sanity checks (git-fixes). * net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). * net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). * net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). * nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). * nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). * ocfs2: fix null-ptr-deref when journal load failed (git-fixes). * ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). * ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). * powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848). * powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848). * powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848). * powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848). * powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848). * powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
* powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826 ltc#205848). * powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes). * powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729). * powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729). * powerpc/kprobes: Blacklist emulate_update_regs() from kprobes (bsc#1230826 ltc#205848). * powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848). * powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848). * powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848). * powerpc/lib: Fix "integer constant is too large" build failure (bsc#1230826 ltc#205848). * powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848). * powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848). * powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729). * powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848). * powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848). * powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848). * powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848). * powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848). * powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848). * powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848). * powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848). * powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848). * powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). * powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848). * powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848). * powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848). * powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848). * powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848). * powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848). * powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848). * powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848). * powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848). * powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848). * powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848). * powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848). * powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848). * powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848). * powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848). 
* powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). * powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848). * powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848). * powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848). * powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848). * powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848). * powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848). * proc/mounts: add cursor (bsc#1207341). * profiling: fix shift too large makes kernel panic (git-fixes). * tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). * uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). * usbnet: fix cyclical race on disconnect with work queue (git-fixes). * usbnet: modern method to get random MAC (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3559=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3559=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3559=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3559=1 SUSE-SLE-HA-12-SP5-2024-3559=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2024-3559=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-3559=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3559=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.231.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-122.231.1 * kernel-obs-build-4.12.14-122.231.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.231.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-debuginfo-4.12.14-122.231.1 * kernel-default-base-4.12.14-122.231.1 * kernel-default-debugsource-4.12.14-122.231.1 * kernel-default-base-debuginfo-4.12.14-122.231.1 * kernel-default-devel-4.12.14-122.231.1 * kernel-syms-4.12.14-122.231.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-4.12.14-122.231.1 * kernel-devel-4.12.14-122.231.1 * kernel-macros-4.12.14-122.231.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.231.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.231.1 * SUSE Linux Enterprise 
Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.231.1 * kernel-default-base-4.12.14-122.231.1 * kernel-default-debugsource-4.12.14-122.231.1 * kernel-default-base-debuginfo-4.12.14-122.231.1 * kernel-default-devel-4.12.14-122.231.1 * kernel-syms-4.12.14-122.231.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-4.12.14-122.231.1 * kernel-devel-4.12.14-122.231.1 * kernel-macros-4.12.14-122.231.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.231.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.231.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.231.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-122.231.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.231.1 * kernel-default-base-4.12.14-122.231.1 * gfs2-kmp-default-4.12.14-122.231.1 * dlm-kmp-default-debuginfo-4.12.14-122.231.1 * kernel-default-debugsource-4.12.14-122.231.1 * gfs2-kmp-default-debuginfo-4.12.14-122.231.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.231.1 * ocfs2-kmp-default-4.12.14-122.231.1 * kernel-default-base-debuginfo-4.12.14-122.231.1 * cluster-md-kmp-default-4.12.14-122.231.1 * kernel-default-devel-4.12.14-122.231.1 * dlm-kmp-default-4.12.14-122.231.1 * kernel-syms-4.12.14-122.231.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-4.12.14-122.231.1 * kernel-devel-4.12.14-122.231.1 * kernel-macros-4.12.14-122.231.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.231.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.231.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debuginfo-4.12.14-122.231.1 * kernel-default-extra-4.12.14-122.231.1 * 
kernel-default-extra-debuginfo-4.12.14-122.231.1 * kernel-default-debugsource-4.12.14-122.231.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.231.1 * gfs2-kmp-default-4.12.14-122.231.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.231.1 * dlm-kmp-default-debuginfo-4.12.14-122.231.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.231.1 * ocfs2-kmp-default-4.12.14-122.231.1 * cluster-md-kmp-default-4.12.14-122.231.1 * kernel-default-debugsource-4.12.14-122.231.1 * dlm-kmp-default-4.12.14-122.231.1 * gfs2-kmp-default-debuginfo-4.12.14-122.231.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.231.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.231.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.231.1 * kernel-default-debugsource-4.12.14-122.231.1 * kernel-default-kgraft-devel-4.12.14-122.231.1 * kgraft-patch-4_12_14-122_231-default-1-8.3.1 * kernel-default-kgraft-4.12.14-122.231.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47387.html * https://www.suse.com/security/cve/CVE-2022-48788.html * https://www.suse.com/security/cve/CVE-2022-48789.html * https://www.suse.com/security/cve/CVE-2022-48790.html * https://www.suse.com/security/cve/CVE-2022-48791.html * https://www.suse.com/security/cve/CVE-2022-48799.html * https://www.suse.com/security/cve/CVE-2022-48844.html * https://www.suse.com/security/cve/CVE-2022-48911.html * https://www.suse.com/security/cve/CVE-2022-48943.html * https://www.suse.com/security/cve/CVE-2022-48945.html * https://www.suse.com/security/cve/CVE-2023-52915.html * https://www.suse.com/security/cve/CVE-2024-38381.html * https://www.suse.com/security/cve/CVE-2024-38596.html * https://www.suse.com/security/cve/CVE-2024-38632.html * https://www.suse.com/security/cve/CVE-2024-41073.html * 
https://www.suse.com/security/cve/CVE-2024-41079.html * https://www.suse.com/security/cve/CVE-2024-41082.html * https://www.suse.com/security/cve/CVE-2024-42154.html * https://www.suse.com/security/cve/CVE-2024-42265.html * https://www.suse.com/security/cve/CVE-2024-42305.html * https://www.suse.com/security/cve/CVE-2024-42306.html * https://www.suse.com/security/cve/CVE-2024-43884.html * https://www.suse.com/security/cve/CVE-2024-43890.html * https://www.suse.com/security/cve/CVE-2024-43898.html * https://www.suse.com/security/cve/CVE-2024-43912.html * https://www.suse.com/security/cve/CVE-2024-43914.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-44947.html * https://www.suse.com/security/cve/CVE-2024-44948.html * https://www.suse.com/security/cve/CVE-2024-44950.html * https://www.suse.com/security/cve/CVE-2024-44952.html * https://www.suse.com/security/cve/CVE-2024-44954.html * https://www.suse.com/security/cve/CVE-2024-44969.html * https://www.suse.com/security/cve/CVE-2024-44982.html * https://www.suse.com/security/cve/CVE-2024-44987.html * https://www.suse.com/security/cve/CVE-2024-44998.html * https://www.suse.com/security/cve/CVE-2024-44999.html * https://www.suse.com/security/cve/CVE-2024-45008.html * https://www.suse.com/security/cve/CVE-2024-46673.html * https://www.suse.com/security/cve/CVE-2024-46675.html * https://www.suse.com/security/cve/CVE-2024-46676.html * https://www.suse.com/security/cve/CVE-2024-46677.html * https://www.suse.com/security/cve/CVE-2024-46679.html * https://www.suse.com/security/cve/CVE-2024-46685.html * https://www.suse.com/security/cve/CVE-2024-46686.html * https://www.suse.com/security/cve/CVE-2024-46702.html * https://www.suse.com/security/cve/CVE-2024-46707.html * https://www.suse.com/security/cve/CVE-2024-46715.html * https://www.suse.com/security/cve/CVE-2024-46721.html * https://www.suse.com/security/cve/CVE-2024-46722.html * 
https://www.suse.com/security/cve/CVE-2024-46723.html * https://www.suse.com/security/cve/CVE-2024-46731.html * https://www.suse.com/security/cve/CVE-2024-46737.html * https://www.suse.com/security/cve/CVE-2024-46738.html * https://www.suse.com/security/cve/CVE-2024-46739.html * https://www.suse.com/security/cve/CVE-2024-46743.html * https://www.suse.com/security/cve/CVE-2024-46744.html * https://www.suse.com/security/cve/CVE-2024-46745.html * https://www.suse.com/security/cve/CVE-2024-46750.html * https://www.suse.com/security/cve/CVE-2024-46753.html * https://www.suse.com/security/cve/CVE-2024-46759.html * https://www.suse.com/security/cve/CVE-2024-46761.html * https://www.suse.com/security/cve/CVE-2024-46770.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://www.suse.com/security/cve/CVE-2024-46783.html * https://www.suse.com/security/cve/CVE-2024-46784.html * https://www.suse.com/security/cve/CVE-2024-46787.html * https://www.suse.com/security/cve/CVE-2024-46822.html * https://www.suse.com/security/cve/CVE-2024-46853.html * https://www.suse.com/security/cve/CVE-2024-46854.html * https://www.suse.com/security/cve/CVE-2024-46859.html * https://bugzilla.suse.com/show_bug.cgi?id=1054914 * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1207341 * https://bugzilla.suse.com/show_bug.cgi?id=1225316 * https://bugzilla.suse.com/show_bug.cgi?id=1226846 * https://bugzilla.suse.com/show_bug.cgi?id=1226860 * https://bugzilla.suse.com/show_bug.cgi?id=1226878 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1227941 * https://bugzilla.suse.com/show_bug.cgi?id=1227952 * https://bugzilla.suse.com/show_bug.cgi?id=1227953 * https://bugzilla.suse.com/show_bug.cgi?id=1228000 * https://bugzilla.suse.com/show_bug.cgi?id=1228002 * https://bugzilla.suse.com/show_bug.cgi?id=1228068 * https://bugzilla.suse.com/show_bug.cgi?id=1228507 * 
https://bugzilla.suse.com/show_bug.cgi?id=1228615 * https://bugzilla.suse.com/show_bug.cgi?id=1228620 * https://bugzilla.suse.com/show_bug.cgi?id=1228635 * https://bugzilla.suse.com/show_bug.cgi?id=1229334 * https://bugzilla.suse.com/show_bug.cgi?id=1229362 * https://bugzilla.suse.com/show_bug.cgi?id=1229363 * https://bugzilla.suse.com/show_bug.cgi?id=1229456 * https://bugzilla.suse.com/show_bug.cgi?id=1229457 * https://bugzilla.suse.com/show_bug.cgi?id=1229633 * https://bugzilla.suse.com/show_bug.cgi?id=1229645 * https://bugzilla.suse.com/show_bug.cgi?id=1229739 * https://bugzilla.suse.com/show_bug.cgi?id=1229753 * https://bugzilla.suse.com/show_bug.cgi?id=1229764 * https://bugzilla.suse.com/show_bug.cgi?id=1229790 * https://bugzilla.suse.com/show_bug.cgi?id=1229830 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230151 * https://bugzilla.suse.com/show_bug.cgi?id=1230171 * https://bugzilla.suse.com/show_bug.cgi?id=1230174 * https://bugzilla.suse.com/show_bug.cgi?id=1230176 * https://bugzilla.suse.com/show_bug.cgi?id=1230178 * https://bugzilla.suse.com/show_bug.cgi?id=1230180 * https://bugzilla.suse.com/show_bug.cgi?id=1230185 * https://bugzilla.suse.com/show_bug.cgi?id=1230200 * https://bugzilla.suse.com/show_bug.cgi?id=1230204 * https://bugzilla.suse.com/show_bug.cgi?id=1230233 * https://bugzilla.suse.com/show_bug.cgi?id=1230248 * https://bugzilla.suse.com/show_bug.cgi?id=1230270 * https://bugzilla.suse.com/show_bug.cgi?id=1230398 * https://bugzilla.suse.com/show_bug.cgi?id=1230506 * https://bugzilla.suse.com/show_bug.cgi?id=1230515 * https://bugzilla.suse.com/show_bug.cgi?id=1230517 * https://bugzilla.suse.com/show_bug.cgi?id=1230533 * https://bugzilla.suse.com/show_bug.cgi?id=1230535 * https://bugzilla.suse.com/show_bug.cgi?id=1230549 * https://bugzilla.suse.com/show_bug.cgi?id=1230556 * https://bugzilla.suse.com/show_bug.cgi?id=1230582 * https://bugzilla.suse.com/show_bug.cgi?id=1230589 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230700 * https://bugzilla.suse.com/show_bug.cgi?id=1230702 * https://bugzilla.suse.com/show_bug.cgi?id=1230709 * https://bugzilla.suse.com/show_bug.cgi?id=1230710 * https://bugzilla.suse.com/show_bug.cgi?id=1230712 * https://bugzilla.suse.com/show_bug.cgi?id=1230730 * https://bugzilla.suse.com/show_bug.cgi?id=1230731 * https://bugzilla.suse.com/show_bug.cgi?id=1230732 * https://bugzilla.suse.com/show_bug.cgi?id=1230747 * https://bugzilla.suse.com/show_bug.cgi?id=1230748 * https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230763 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230826 * https://bugzilla.suse.com/show_bug.cgi?id=1231083 * https://bugzilla.suse.com/show_bug.cgi?id=1231084 * https://bugzilla.suse.com/show_bug.cgi?id=1231089 * https://bugzilla.suse.com/show_bug.cgi?id=1231120 * https://bugzilla.suse.com/show_bug.cgi?id=1231146 * https://bugzilla.suse.com/show_bug.cgi?id=1231184
From null at suse.de Wed Oct 9 12:36:21 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 09 Oct 2024 12:36:21 -0000 Subject: SUSE-SU-2024:3569-1: important: Security update for the Linux Kernel Message-ID: <172847738145.6932.7294637578873309945@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:3569-1 Release Date: 2024-10-09T11:52:14Z Rating: important References: * bsc#1199769 * bsc#1216223 * bsc#1220382 * bsc#1221610 * bsc#1221650 * bsc#1222629 * bsc#1222973 * bsc#1223600 * bsc#1223848 * bsc#1224085 * bsc#1225903 * bsc#1226003 * bsc#1226606 * bsc#1226662 * bsc#1226666 * bsc#1226846 * bsc#1226860 * bsc#1226875 * bsc#1226915 * bsc#1227487 * bsc#1227726 * bsc#1227819 * bsc#1227832 * bsc#1227890 * bsc#1228507 * bsc#1228576 * bsc#1228620 * bsc#1228771 * bsc#1229031 * bsc#1229034 * bsc#1229086 * bsc#1229156 * bsc#1229289 * bsc#1229334 * bsc#1229362 * bsc#1229363 * bsc#1229364 * bsc#1229394 * bsc#1229429 * bsc#1229453 * bsc#1229572 * bsc#1229573 * bsc#1229585 * bsc#1229607 * bsc#1229619 * bsc#1229633 * bsc#1229662 * bsc#1229753 * bsc#1229764 * bsc#1229790 * bsc#1229810 * bsc#1229830 * bsc#1229899 * bsc#1229928 * bsc#1229947 * bsc#1230015 * bsc#1230129 * bsc#1230130 * bsc#1230170 * bsc#1230171 * bsc#1230174 * bsc#1230175 * bsc#1230176 * bsc#1230178 * bsc#1230180 * bsc#1230185 * bsc#1230192 * bsc#1230193 * bsc#1230194 * bsc#1230200 * bsc#1230204 * bsc#1230209 * bsc#1230211 * bsc#1230212 * bsc#1230217 * bsc#1230224 * bsc#1230230 * bsc#1230233 * bsc#1230244 * bsc#1230245 * bsc#1230247 * bsc#1230248 * bsc#1230269 * bsc#1230339 * bsc#1230340 * bsc#1230392 * bsc#1230398 * bsc#1230431 * bsc#1230433 * bsc#1230434 * bsc#1230440 * bsc#1230442 * bsc#1230444 * bsc#1230450 * bsc#1230451 * bsc#1230454 * bsc#1230506 * bsc#1230507 * bsc#1230511 * bsc#1230515 * bsc#1230517 * bsc#1230524 * bsc#1230533 * bsc#1230535 * bsc#1230549 * bsc#1230556 * bsc#1230582 * bsc#1230589 * bsc#1230591 * bsc#1230592 * bsc#1230699 * bsc#1230700 * 
bsc#1230701 * bsc#1230702 * bsc#1230703 * bsc#1230705 * bsc#1230706 * bsc#1230707 * bsc#1230709 * bsc#1230710 * bsc#1230711 * bsc#1230712 * bsc#1230719 * bsc#1230724 * bsc#1230725 * bsc#1230730 * bsc#1230731 * bsc#1230732 * bsc#1230733 * bsc#1230747 * bsc#1230748 * bsc#1230751 * bsc#1230752 * bsc#1230756 * bsc#1230761 * bsc#1230766 * bsc#1230767 * bsc#1230768 * bsc#1230771 * bsc#1230772 * bsc#1230776 * bsc#1230783 * bsc#1230786 * bsc#1230791 * bsc#1230794 * bsc#1230796 * bsc#1230802 * bsc#1230806 * bsc#1230808 * bsc#1230810 * bsc#1230812 * bsc#1230813 * bsc#1230814 * bsc#1230815 * bsc#1230821 * bsc#1230825 * bsc#1230830 * bsc#1231013 * bsc#1231017 * bsc#1231116 * bsc#1231120 * bsc#1231146 * bsc#1231180 * bsc#1231181 Cross-References: * CVE-2022-48901 * CVE-2022-48911 * CVE-2022-48923 * CVE-2022-48935 * CVE-2022-48944 * CVE-2022-48945 * CVE-2023-52610 * CVE-2023-52916 * CVE-2024-26640 * CVE-2024-26759 * CVE-2024-26767 * CVE-2024-26804 * CVE-2024-26837 * CVE-2024-37353 * CVE-2024-38538 * CVE-2024-38596 * CVE-2024-38632 * CVE-2024-40910 * CVE-2024-40973 * CVE-2024-40983 * CVE-2024-41062 * CVE-2024-41082 * CVE-2024-42154 * CVE-2024-42259 * CVE-2024-42265 * CVE-2024-42304 * CVE-2024-42305 * CVE-2024-42306 * CVE-2024-43828 * CVE-2024-43835 * CVE-2024-43890 * CVE-2024-43898 * CVE-2024-43912 * CVE-2024-43914 * CVE-2024-44935 * CVE-2024-44944 * CVE-2024-44946 * CVE-2024-44948 * CVE-2024-44950 * CVE-2024-44952 * CVE-2024-44954 * CVE-2024-44967 * CVE-2024-44969 * CVE-2024-44970 * CVE-2024-44971 * CVE-2024-44972 * CVE-2024-44977 * CVE-2024-44982 * CVE-2024-44986 * CVE-2024-44987 * CVE-2024-44988 * CVE-2024-44989 * CVE-2024-44990 * CVE-2024-44998 * CVE-2024-44999 * CVE-2024-45000 * CVE-2024-45001 * CVE-2024-45003 * CVE-2024-45006 * CVE-2024-45007 * CVE-2024-45008 * CVE-2024-45011 * CVE-2024-45013 * CVE-2024-45015 * CVE-2024-45018 * CVE-2024-45020 * CVE-2024-45021 * CVE-2024-45026 * CVE-2024-45028 * CVE-2024-45029 * CVE-2024-46673 * CVE-2024-46674 * CVE-2024-46675 * 
CVE-2024-46676 * CVE-2024-46677 * CVE-2024-46679 * CVE-2024-46685 * CVE-2024-46686 * CVE-2024-46689 * CVE-2024-46694 * CVE-2024-46702 * CVE-2024-46707 * CVE-2024-46714 * CVE-2024-46715 * CVE-2024-46717 * CVE-2024-46720 * CVE-2024-46721 * CVE-2024-46722 * CVE-2024-46723 * CVE-2024-46724 * CVE-2024-46725 * CVE-2024-46726 * CVE-2024-46727 * CVE-2024-46728 * CVE-2024-46730 * CVE-2024-46731 * CVE-2024-46732 * CVE-2024-46737 * CVE-2024-46738 * CVE-2024-46739 * CVE-2024-46743 * CVE-2024-46744 * CVE-2024-46745 * CVE-2024-46746 * CVE-2024-46747 * CVE-2024-46750 * CVE-2024-46751 * CVE-2024-46752 * CVE-2024-46753 * CVE-2024-46755 * CVE-2024-46756 * CVE-2024-46758 * CVE-2024-46759 * CVE-2024-46761 * CVE-2024-46771 * CVE-2024-46772 * CVE-2024-46773 * CVE-2024-46774 * CVE-2024-46778 * CVE-2024-46780 * CVE-2024-46781 * CVE-2024-46783 * CVE-2024-46784 * CVE-2024-46786 * CVE-2024-46787 * CVE-2024-46791 * CVE-2024-46794 * CVE-2024-46798 * CVE-2024-46822 * CVE-2024-46830 CVSS scores: * CVE-2022-48901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48923 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-48923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48944 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-48944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52610 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-26767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26837 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-37353 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40910 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40910 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-42259 ( SUSE ): 6.9 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42259 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-42259 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-42304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43912 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43912 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44972 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * 
CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46743 ( SUSE ): 5.6 
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46755 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( NVD 
): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46798 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves 130 vulnerabilities and has 34 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
* CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
* CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
* CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
* CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
* CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
* CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
* CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
* CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
* CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
* CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
* CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
* CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
* CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
* CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
* CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
* CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
* CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
* CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
* CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).

The following non-security bugs were fixed:

* ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
* af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
* af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
* ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
* ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
* ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
* apparmor: fix possible NULL pointer dereference (stable-fixes).
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
* ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
* ASoC: tegra: Fix CBB error during probe() (git-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: add number of queue calc helper (bsc#1229034).
* blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
* blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
* blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* Bluetooth: L2CAP: Fix deadlock (git-fixes).
* Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
* cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: bcm: Remove proc entry when dev is unregistered (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
* char: xillybus: Check USB endpoints when probing device (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
* clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: virtio - Handle dataq logic with tasklet (git-fixes).
* crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* devres: Initialize an uninitialized struct member (stable-fixes).
* driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
* driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
* driver core: Create __fwnode_link_del() helper function (git-fixes).
* driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
* driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
* driver core: Set deferred probe reason when deferred by driver core (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
* drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
* drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check gpio_id before used as array index (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check msg_id before processing transcation (stable-fixes).
* drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
* drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
* drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
* drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
* drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
* drm/amd/display: Spinlock before reading event (stable-fixes).
* drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
* drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
* drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
* drm/amdgpu: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: fix dereference after null check (stable-fixes).
* drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
* drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
* drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
* drm/amdgpu: fix overflowed array index read warning (stable-fixes).
* drm/amdgpu: Fix smatch static checker warning (stable-fixes).
* drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
* drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
* drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
* drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
* drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
* drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
* drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
* drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
* drm/amd/pm: check negtive return for table entries (stable-fixes).
* drm/amd/pm: check specific index for aldebaran (stable-fixes).
* drm/amd/pm: Fix negative array index read (stable-fixes).
* drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning (stable-fixes).
* drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
* drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
* drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
* drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
* drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
* drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
* drm/meson: plane: Add error handling (stable-fixes).
* drm/msm/a5xx: disable preemption in submits by default (git-fixes).
* drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
* drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
* drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
* drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
* drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
* drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
* drm/msm: fix %s null argument error (git-fixes).
* drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
* drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
* drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
* drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
* drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
* exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
* fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
* filemap: remove use of wait bookmarks (bsc#1224085).
* firmware_loader: Block path traversal (git-fixes).
* fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
* fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
* genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
* genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
* genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
* genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
* genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
* genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
* genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
* gfs2: setattr_chown: Add missing initialization (git-fixes).
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
* hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
* hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
* hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
* hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
* hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
* i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
* i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
* i2c: isch: Add missed 'else' (git-fixes).
* i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
* i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
* i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
* iio: adc: ad7124: fix chip ID mismatch (git-fixes).
* iio: adc: ad7124: fix config comparison (git-fixes).
* iio: adc: ad7606: fix oversampling gpio array (git-fixes).
* iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
* iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
* iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
* iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
* iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
* Input: ilitek_ts_i2c - add report id message validation (git-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
* kabi: add __nf_queue_get_refs() for kabi compliance.
* kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
* lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
* lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
* lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
* mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
* mailbox: rockchip: fix a typo in module autoloading (git-fixes).
* media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
* media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
* media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
* media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (git-fixes).
* media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
* media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
* media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
* media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
* media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
* media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
* media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
* mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
* mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
* mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
* mtd: slram: insert break after errors in parsing the map (git-fixes).
* net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: missing check virtio (git-fixes).
* net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
* nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
* NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
* NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
* NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
* NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
* NFS: Reduce use of uncached readdir (bsc#1226662).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* nilfs2: Constify struct kobj_type (git-fixes).
* nilfs2: determine empty node blocks as corrupted (git-fixes).
* nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
* nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
* nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
* nilfs2: fix state management in error path of log writing function (git-fixes).
* nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
* nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
* nilfs2: use default_groups in kobj_type (git-fixes).
* nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
* nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
* nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
* nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
* nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
* nvmet-tcp: do not continue for invalid icreq (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet-trace: avoid dereferencing pointer too early (git-fixes).
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
* PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
* PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
* PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
* PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
* pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: Support BAR sizes up to 8TB (bsc#1231017)
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* PCI: xilinx-nwl: Fix register misspelling (git-fixes).
* pcmcia: Use resource_size function on resource object (stable-fixes).
* pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
* pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
* platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
* platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
* power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
* power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
* power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
* power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
* Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (stable-fixes).
* rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
* scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
* scsi: lpfc: Fix overflow build issue (bsc#1229429).
* scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
* scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
* scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
* scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
* scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
* scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
* scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
* scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
* scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
* scsi: use block layer helpers to calculate num of queues (bsc#1229034).
* spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
* Squashfs: sanity check symbolic link size (git-fixes).
* staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
* thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
* tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
* tools/virtio: fix build (git-fixes).
* tpm: Clean up TPM space after command failure (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
* udp: fix receiving fraglist GSO packets (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usb: cdnsp: Fix incorrect usb_request status (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
* usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
* usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
* usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
* usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
* usbip: Do not submit special requests twice (stable-fixes).
* usbnet: fix cyclical race on disconnect with work queue (git-fixes).
* usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (git-fixes).
* usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
* usb: uas: set host status byte on data completion error (git-fixes).
* usb: uas: set host status byte on data completion error (stable-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* usb: xhci: fix loss of data on Cadence xHC (git-fixes).
* vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
* vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
* virito: add APIs for retrieving vq affinity (bsc#1229034).
* virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
* virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
* virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
* virtiofs: forbid newlines in tags (bsc#1230591).
* virtio_net: checksum offloading handling fix (git-fixes).
* virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into a region of size 10" warnings (git-fixes).
* virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
* virtio: reenable config if freezing device failed (git-fixes).
* virtio/vsock: fix logic which reduces credit update messages (git-fixes).
* VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
* vsock/virtio: add support for device suspend/resume (git-fixes).
* vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
* vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
* vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
* watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
* wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
* wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
* wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
* wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
* wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
* wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
* wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
* wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
* wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
* wifi: rtw88: remove CPT execution branch never used (git-fixes).
* wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
* x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
* x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
* x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
* x86/xen: Convert comma to semicolon (git-fixes).
* xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
* xen: allow mapping ACPI data using a different physical address (bsc#1226003).
* xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
* xen: move checks for e820 conflicts further up (bsc#1226003).
* xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
* xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
* xen/swiotlb: fix allocated size (git-fixes).
* xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3569=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-3569=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3569=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3569=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-3569=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3569=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-3569=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3569=1

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150500.55.83.1
* openSUSE Leap Micro 5.5 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150500.55.83.1.150500.6.37.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.83.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150500.55.83.1.150500.6.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (aarch64)
  * kernel-64kb-debuginfo-5.14.21-150500.55.83.1
  * kernel-64kb-devel-debuginfo-5.14.21-150500.55.83.1
  * kernel-64kb-devel-5.14.21-150500.55.83.1
  * kernel-64kb-debugsource-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
  * kernel-default-base-5.14.21-150500.55.83.1.150500.6.37.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * kernel-default-devel-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-devel-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (noarch)
  * kernel-devel-5.14.21-150500.55.83.1
  * kernel-macros-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150500.55.83.1
* Basesystem Module 15-SP5 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150500.55.83.1
  * kernel-zfcpdump-debuginfo-5.14.21-150500.55.83.1
* Development Tools Module 15-SP5 (noarch nosrc)
  * kernel-docs-5.14.21-150500.55.83.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-5.14.21-150500.55.83.1
  * kernel-obs-build-5.14.21-150500.55.83.1
  * kernel-syms-5.14.21-150500.55.83.1
* Development Tools Module 15-SP5 (noarch)
  * kernel-source-5.14.21-150500.55.83.1
* Legacy Module 15-SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.83.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * reiserfs-kmp-default-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.83.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-livepatch-5.14.21-150500.55.83.1
  * kernel-livepatch-5_14_21-150500_55_83-default-1-150500.11.3.1
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-1-150500.11.3.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-1-150500.11.3.1
  * kernel-default-livepatch-devel-5.14.21-150500.55.83.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * gfs2-kmp-default-5.14.21-150500.55.83.1
  * ocfs2-kmp-default-5.14.21-150500.55.83.1
  * dlm-kmp-default-5.14.21-150500.55.83.1
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.83.1
  * gfs2-kmp-default-debuginfo-5.14.21-150500.55.83.1
  * dlm-kmp-default-debuginfo-5.14.21-150500.55.83.1
  * cluster-md-kmp-default-5.14.21-150500.55.83.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.83.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.83.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * kernel-default-extra-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-debugsource-5.14.21-150500.55.83.1
  * kernel-default-debuginfo-5.14.21-150500.55.83.1
  * kernel-default-extra-5.14.21-150500.55.83.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48901.html
* https://www.suse.com/security/cve/CVE-2022-48911.html
* https://www.suse.com/security/cve/CVE-2022-48923.html
* https://www.suse.com/security/cve/CVE-2022-48935.html
* https://www.suse.com/security/cve/CVE-2022-48944.html
* https://www.suse.com/security/cve/CVE-2022-48945.html
* https://www.suse.com/security/cve/CVE-2023-52610.html
* https://www.suse.com/security/cve/CVE-2023-52916.html
* https://www.suse.com/security/cve/CVE-2024-26640.html
* https://www.suse.com/security/cve/CVE-2024-26759.html
* https://www.suse.com/security/cve/CVE-2024-26767.html
* https://www.suse.com/security/cve/CVE-2024-26804.html
* https://www.suse.com/security/cve/CVE-2024-26837.html
* https://www.suse.com/security/cve/CVE-2024-37353.html
* https://www.suse.com/security/cve/CVE-2024-38538.html
* https://www.suse.com/security/cve/CVE-2024-38596.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-40910.html
* https://www.suse.com/security/cve/CVE-2024-40973.html
* https://www.suse.com/security/cve/CVE-2024-40983.html
* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://www.suse.com/security/cve/CVE-2024-41082.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42259.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-42304.html
* https://www.suse.com/security/cve/CVE-2024-42305.html
* https://www.suse.com/security/cve/CVE-2024-42306.html
* https://www.suse.com/security/cve/CVE-2024-43828.html
* https://www.suse.com/security/cve/CVE-2024-43835.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43898.html
* https://www.suse.com/security/cve/CVE-2024-43912.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44935.html
* https://www.suse.com/security/cve/CVE-2024-44944.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44950.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44967.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44970.html
* https://www.suse.com/security/cve/CVE-2024-44971.html
* https://www.suse.com/security/cve/CVE-2024-44972.html
* https://www.suse.com/security/cve/CVE-2024-44977.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44986.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44988.html
* https://www.suse.com/security/cve/CVE-2024-44989.html
* https://www.suse.com/security/cve/CVE-2024-44990.html
* https://www.suse.com/security/cve/CVE-2024-44998.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45000.html
* https://www.suse.com/security/cve/CVE-2024-45001.html
* https://www.suse.com/security/cve/CVE-2024-45003.html
* https://www.suse.com/security/cve/CVE-2024-45006.html
* https://www.suse.com/security/cve/CVE-2024-45007.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-45011.html
* https://www.suse.com/security/cve/CVE-2024-45013.html
* https://www.suse.com/security/cve/CVE-2024-45015.html
* https://www.suse.com/security/cve/CVE-2024-45018.html
* https://www.suse.com/security/cve/CVE-2024-45020.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-45026.html
* https://www.suse.com/security/cve/CVE-2024-45028.html
* https://www.suse.com/security/cve/CVE-2024-45029.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46674.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46689.html
* https://www.suse.com/security/cve/CVE-2024-46694.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46714.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46717.html
* https://www.suse.com/security/cve/CVE-2024-46720.html
* https://www.suse.com/security/cve/CVE-2024-46721.html
* https://www.suse.com/security/cve/CVE-2024-46722.html
* https://www.suse.com/security/cve/CVE-2024-46723.html
* https://www.suse.com/security/cve/CVE-2024-46724.html
* https://www.suse.com/security/cve/CVE-2024-46725.html
* https://www.suse.com/security/cve/CVE-2024-46726.html
* https://www.suse.com/security/cve/CVE-2024-46727.html
* https://www.suse.com/security/cve/CVE-2024-46728.html
* https://www.suse.com/security/cve/CVE-2024-46730.html
* https://www.suse.com/security/cve/CVE-2024-46731.html
* https://www.suse.com/security/cve/CVE-2024-46732.html
* https://www.suse.com/security/cve/CVE-2024-46737.html
* https://www.suse.com/security/cve/CVE-2024-46738.html
* https://www.suse.com/security/cve/CVE-2024-46739.html
* https://www.suse.com/security/cve/CVE-2024-46743.html
* https://www.suse.com/security/cve/CVE-2024-46744.html
* https://www.suse.com/security/cve/CVE-2024-46745.html
* https://www.suse.com/security/cve/CVE-2024-46746.html
* https://www.suse.com/security/cve/CVE-2024-46747.html
* https://www.suse.com/security/cve/CVE-2024-46750.html
* https://www.suse.com/security/cve/CVE-2024-46751.html
* https://www.suse.com/security/cve/CVE-2024-46752.html
* https://www.suse.com/security/cve/CVE-2024-46753.html
* https://www.suse.com/security/cve/CVE-2024-46755.html
* https://www.suse.com/security/cve/CVE-2024-46756.html
* https://www.suse.com/security/cve/CVE-2024-46758.html
* https://www.suse.com/security/cve/CVE-2024-46759.html
* https://www.suse.com/security/cve/CVE-2024-46761.html
* https://www.suse.com/security/cve/CVE-2024-46771.html
* https://www.suse.com/security/cve/CVE-2024-46772.html
* https://www.suse.com/security/cve/CVE-2024-46773.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://www.suse.com/security/cve/CVE-2024-46778.html
* https://www.suse.com/security/cve/CVE-2024-46780.html
* https://www.suse.com/security/cve/CVE-2024-46781.html
* https://www.suse.com/security/cve/CVE-2024-46783.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2024-46786.html
* https://www.suse.com/security/cve/CVE-2024-46787.html
* https://www.suse.com/security/cve/CVE-2024-46791.html
* https://www.suse.com/security/cve/CVE-2024-46794.html
* https://www.suse.com/security/cve/CVE-2024-46798.html
* https://www.suse.com/security/cve/CVE-2024-46822.html
* https://www.suse.com/security/cve/CVE-2024-46830.html
* https://bugzilla.suse.com/show_bug.cgi?id=1199769
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1220382
* https://bugzilla.suse.com/show_bug.cgi?id=1221610
* https://bugzilla.suse.com/show_bug.cgi?id=1221650
* https://bugzilla.suse.com/show_bug.cgi?id=1222629
* https://bugzilla.suse.com/show_bug.cgi?id=1222973
* https://bugzilla.suse.com/show_bug.cgi?id=1223600
* https://bugzilla.suse.com/show_bug.cgi?id=1223848
* https://bugzilla.suse.com/show_bug.cgi?id=1224085
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1226003
* https://bugzilla.suse.com/show_bug.cgi?id=1226606
* https://bugzilla.suse.com/show_bug.cgi?id=1226662
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1226846
* https://bugzilla.suse.com/show_bug.cgi?id=1226860
* https://bugzilla.suse.com/show_bug.cgi?id=1226875
* https://bugzilla.suse.com/show_bug.cgi?id=1226915
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227726
* https://bugzilla.suse.com/show_bug.cgi?id=1227819
* https://bugzilla.suse.com/show_bug.cgi?id=1227832
* https://bugzilla.suse.com/show_bug.cgi?id=1227890
* https://bugzilla.suse.com/show_bug.cgi?id=1228507
* 
https://bugzilla.suse.com/show_bug.cgi?id=1228576 * https://bugzilla.suse.com/show_bug.cgi?id=1228620 * https://bugzilla.suse.com/show_bug.cgi?id=1228771 * https://bugzilla.suse.com/show_bug.cgi?id=1229031 * https://bugzilla.suse.com/show_bug.cgi?id=1229034 * https://bugzilla.suse.com/show_bug.cgi?id=1229086 * https://bugzilla.suse.com/show_bug.cgi?id=1229156 * https://bugzilla.suse.com/show_bug.cgi?id=1229289 * https://bugzilla.suse.com/show_bug.cgi?id=1229334 * https://bugzilla.suse.com/show_bug.cgi?id=1229362 * https://bugzilla.suse.com/show_bug.cgi?id=1229363 * https://bugzilla.suse.com/show_bug.cgi?id=1229364 * https://bugzilla.suse.com/show_bug.cgi?id=1229394 * https://bugzilla.suse.com/show_bug.cgi?id=1229429 * https://bugzilla.suse.com/show_bug.cgi?id=1229453 * https://bugzilla.suse.com/show_bug.cgi?id=1229572 * https://bugzilla.suse.com/show_bug.cgi?id=1229573 * https://bugzilla.suse.com/show_bug.cgi?id=1229585 * https://bugzilla.suse.com/show_bug.cgi?id=1229607 * https://bugzilla.suse.com/show_bug.cgi?id=1229619 * https://bugzilla.suse.com/show_bug.cgi?id=1229633 * https://bugzilla.suse.com/show_bug.cgi?id=1229662 * https://bugzilla.suse.com/show_bug.cgi?id=1229753 * https://bugzilla.suse.com/show_bug.cgi?id=1229764 * https://bugzilla.suse.com/show_bug.cgi?id=1229790 * https://bugzilla.suse.com/show_bug.cgi?id=1229810 * https://bugzilla.suse.com/show_bug.cgi?id=1229830 * https://bugzilla.suse.com/show_bug.cgi?id=1229899 * https://bugzilla.suse.com/show_bug.cgi?id=1229928 * https://bugzilla.suse.com/show_bug.cgi?id=1229947 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230129 * https://bugzilla.suse.com/show_bug.cgi?id=1230130 * https://bugzilla.suse.com/show_bug.cgi?id=1230170 * https://bugzilla.suse.com/show_bug.cgi?id=1230171 * https://bugzilla.suse.com/show_bug.cgi?id=1230174 * https://bugzilla.suse.com/show_bug.cgi?id=1230175 * https://bugzilla.suse.com/show_bug.cgi?id=1230176 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230178 * https://bugzilla.suse.com/show_bug.cgi?id=1230180 * https://bugzilla.suse.com/show_bug.cgi?id=1230185 * https://bugzilla.suse.com/show_bug.cgi?id=1230192 * https://bugzilla.suse.com/show_bug.cgi?id=1230193 * https://bugzilla.suse.com/show_bug.cgi?id=1230194 * https://bugzilla.suse.com/show_bug.cgi?id=1230200 * https://bugzilla.suse.com/show_bug.cgi?id=1230204 * https://bugzilla.suse.com/show_bug.cgi?id=1230209 * https://bugzilla.suse.com/show_bug.cgi?id=1230211 * https://bugzilla.suse.com/show_bug.cgi?id=1230212 * https://bugzilla.suse.com/show_bug.cgi?id=1230217 * https://bugzilla.suse.com/show_bug.cgi?id=1230224 * https://bugzilla.suse.com/show_bug.cgi?id=1230230 * https://bugzilla.suse.com/show_bug.cgi?id=1230233 * https://bugzilla.suse.com/show_bug.cgi?id=1230244 * https://bugzilla.suse.com/show_bug.cgi?id=1230245 * https://bugzilla.suse.com/show_bug.cgi?id=1230247 * https://bugzilla.suse.com/show_bug.cgi?id=1230248 * https://bugzilla.suse.com/show_bug.cgi?id=1230269 * https://bugzilla.suse.com/show_bug.cgi?id=1230339 * https://bugzilla.suse.com/show_bug.cgi?id=1230340 * https://bugzilla.suse.com/show_bug.cgi?id=1230392 * https://bugzilla.suse.com/show_bug.cgi?id=1230398 * https://bugzilla.suse.com/show_bug.cgi?id=1230431 * https://bugzilla.suse.com/show_bug.cgi?id=1230433 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230440 * https://bugzilla.suse.com/show_bug.cgi?id=1230442 * https://bugzilla.suse.com/show_bug.cgi?id=1230444 * https://bugzilla.suse.com/show_bug.cgi?id=1230450 * https://bugzilla.suse.com/show_bug.cgi?id=1230451 * https://bugzilla.suse.com/show_bug.cgi?id=1230454 * https://bugzilla.suse.com/show_bug.cgi?id=1230506 * https://bugzilla.suse.com/show_bug.cgi?id=1230507 * https://bugzilla.suse.com/show_bug.cgi?id=1230511 * https://bugzilla.suse.com/show_bug.cgi?id=1230515 * https://bugzilla.suse.com/show_bug.cgi?id=1230517 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230524 * https://bugzilla.suse.com/show_bug.cgi?id=1230533 * https://bugzilla.suse.com/show_bug.cgi?id=1230535 * https://bugzilla.suse.com/show_bug.cgi?id=1230549 * https://bugzilla.suse.com/show_bug.cgi?id=1230556 * https://bugzilla.suse.com/show_bug.cgi?id=1230582 * https://bugzilla.suse.com/show_bug.cgi?id=1230589 * https://bugzilla.suse.com/show_bug.cgi?id=1230591 * https://bugzilla.suse.com/show_bug.cgi?id=1230592 * https://bugzilla.suse.com/show_bug.cgi?id=1230699 * https://bugzilla.suse.com/show_bug.cgi?id=1230700 * https://bugzilla.suse.com/show_bug.cgi?id=1230701 * https://bugzilla.suse.com/show_bug.cgi?id=1230702 * https://bugzilla.suse.com/show_bug.cgi?id=1230703 * https://bugzilla.suse.com/show_bug.cgi?id=1230705 * https://bugzilla.suse.com/show_bug.cgi?id=1230706 * https://bugzilla.suse.com/show_bug.cgi?id=1230707 * https://bugzilla.suse.com/show_bug.cgi?id=1230709 * https://bugzilla.suse.com/show_bug.cgi?id=1230710 * https://bugzilla.suse.com/show_bug.cgi?id=1230711 * https://bugzilla.suse.com/show_bug.cgi?id=1230712 * https://bugzilla.suse.com/show_bug.cgi?id=1230719 * https://bugzilla.suse.com/show_bug.cgi?id=1230724 * https://bugzilla.suse.com/show_bug.cgi?id=1230725 * https://bugzilla.suse.com/show_bug.cgi?id=1230730 * https://bugzilla.suse.com/show_bug.cgi?id=1230731 * https://bugzilla.suse.com/show_bug.cgi?id=1230732 * https://bugzilla.suse.com/show_bug.cgi?id=1230733 * https://bugzilla.suse.com/show_bug.cgi?id=1230747 * https://bugzilla.suse.com/show_bug.cgi?id=1230748 * https://bugzilla.suse.com/show_bug.cgi?id=1230751 * https://bugzilla.suse.com/show_bug.cgi?id=1230752 * https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230766 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230768 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230772 * https://bugzilla.suse.com/show_bug.cgi?id=1230776 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230786 * https://bugzilla.suse.com/show_bug.cgi?id=1230791 * https://bugzilla.suse.com/show_bug.cgi?id=1230794 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230802 * https://bugzilla.suse.com/show_bug.cgi?id=1230806 * https://bugzilla.suse.com/show_bug.cgi?id=1230808 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230812 * https://bugzilla.suse.com/show_bug.cgi?id=1230813 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230821 * https://bugzilla.suse.com/show_bug.cgi?id=1230825 * https://bugzilla.suse.com/show_bug.cgi?id=1230830 * https://bugzilla.suse.com/show_bug.cgi?id=1231013 * https://bugzilla.suse.com/show_bug.cgi?id=1231017 * https://bugzilla.suse.com/show_bug.cgi?id=1231116 * https://bugzilla.suse.com/show_bug.cgi?id=1231120 * https://bugzilla.suse.com/show_bug.cgi?id=1231146 * https://bugzilla.suse.com/show_bug.cgi?id=1231180 * https://bugzilla.suse.com/show_bug.cgi?id=1231181 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Wed Oct 9 12:36:34 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 12:36:34 -0000
Subject: SUSE-SU-2024:3567-1: important: Security update for the Linux Kernel
Message-ID: <172847739435.6932.12421175333247407946@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3567-1
Release Date: 2024-10-09T09:46:04Z
Rating: important
References:

* bsc#1226666
* bsc#1227487
* bsc#1229633
* bsc#1230015
* bsc#1230245
* bsc#1230326
* bsc#1230398
* bsc#1230434
* bsc#1230519
* bsc#1230767

Cross-References:

* CVE-2022-48911
* CVE-2022-48945
* CVE-2024-44946
* CVE-2024-45003
* CVE-2024-45021
* CVE-2024-46695
* CVE-2024-46774

CVSS scores:

* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities and has three security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).

The following non-security bugs were fixed:

* ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
* ext4: add reserved GDT blocks check (bsc#1230326).
* ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
* ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
* kabi: add __nf_queue_get_refs() for kabi compliance.
* No -rt specific changes this merge.
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* Revert "ext4: consolidate checks for resize of bigalloc into ext4_resize_begin" (bsc#1230326).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3567=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3567=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3567=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.187.1
  * kernel-rt-debugsource-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.187.1
  * kernel-rt-debugsource-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.187.1
  * kernel-rt-debugsource-5.3.18-150300.187.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * kernel-source-rt-5.3.18-150300.187.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48911.html
* https://www.suse.com/security/cve/CVE-2022-48945.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-45003.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-46695.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1229633
* https://bugzilla.suse.com/show_bug.cgi?id=1230015
* https://bugzilla.suse.com/show_bug.cgi?id=1230245
* https://bugzilla.suse.com/show_bug.cgi?id=1230326
* https://bugzilla.suse.com/show_bug.cgi?id=1230398
* https://bugzilla.suse.com/show_bug.cgi?id=1230434
* https://bugzilla.suse.com/show_bug.cgi?id=1230519
* https://bugzilla.suse.com/show_bug.cgi?id=1230767

From null at suse.de Wed Oct 9 12:37:50 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 12:37:50 -0000
Subject: SUSE-SU-2024:3566-1: important: Security update for the Linux Kernel
Message-ID: <172847747094.6932.6045204308250089100@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3566-1
Release Date: 2024-10-09T09:43:40Z
Rating: important
References:

* bsc#1054914
* bsc#1065729
* bsc#1207341
* bsc#1223777
* bsc#1225316
* bsc#1226669
* bsc#1226846
* bsc#1226860
* bsc#1226878
* bsc#1227487
* bsc#1227867
* bsc#1227890
* bsc#1227917
* bsc#1227941
* bsc#1227952
* bsc#1227953
* bsc#1228000
* bsc#1228002
* bsc#1228068
* bsc#1228507
* bsc#1228615
* bsc#1228620
* bsc#1228635
* bsc#1229334
* bsc#1229362
* bsc#1229363
* bsc#1229456
* bsc#1229457
* bsc#1229633
* bsc#1229645
* bsc#1229739
* bsc#1229753
* bsc#1229764
* bsc#1229768
* bsc#1229790
* bsc#1229830
* bsc#1229912
* bsc#1230015
* bsc#1230151
* bsc#1230171
* bsc#1230174
* bsc#1230176
* bsc#1230178
* bsc#1230180
* bsc#1230185
* bsc#1230200
* bsc#1230204
* bsc#1230212
* bsc#1230233
* bsc#1230248
* bsc#1230270
* bsc#1230398
* bsc#1230506
* bsc#1230515
* bsc#1230517
* bsc#1230533
* bsc#1230535
* bsc#1230549
* bsc#1230556
* bsc#1230582
* bsc#1230589
* bsc#1230620
* bsc#1230699
* bsc#1230700
* bsc#1230702
* bsc#1230707
* bsc#1230709
* bsc#1230710
* bsc#1230712
* bsc#1230719
* bsc#1230724
* bsc#1230730
* bsc#1230731
* bsc#1230732
* bsc#1230747
* bsc#1230748
* bsc#1230751
* bsc#1230752
* bsc#1230756
* bsc#1230761
* bsc#1230763
* bsc#1230767
* bsc#1230771
* bsc#1230772
* bsc#1230776
* bsc#1230783
* bsc#1230791
* bsc#1230796
* bsc#1230810
* bsc#1230814
* bsc#1230815
* bsc#1230826
* bsc#1231083
* bsc#1231084
* bsc#1231089
* bsc#1231120
* bsc#1231146
* bsc#1231184

Cross-References:

* CVE-2021-4442
* CVE-2021-47387
* CVE-2021-47408
* CVE-2021-47620
* CVE-2021-47622
* CVE-2022-48788
* CVE-2022-48789
* CVE-2022-48790
* CVE-2022-48791
* CVE-2022-48799
* CVE-2022-48844
* CVE-2022-48911
* CVE-2022-48943
* CVE-2022-48945
* CVE-2023-52766
* CVE-2023-52915
* CVE-2024-27024
* CVE-2024-38381
* CVE-2024-38596
* CVE-2024-38632
* CVE-2024-40973
* CVE-2024-41000
* CVE-2024-41073
* CVE-2024-41079
* CVE-2024-41082
* CVE-2024-42154
* CVE-2024-42265
* CVE-2024-42305
* CVE-2024-42306
* CVE-2024-43884
* CVE-2024-43890
* CVE-2024-43898
* CVE-2024-43904
* CVE-2024-43912
* CVE-2024-43914
* CVE-2024-44946
* CVE-2024-44947
* CVE-2024-44948
* CVE-2024-44950
* CVE-2024-44952
* CVE-2024-44954
* CVE-2024-44969
* CVE-2024-44972
* CVE-2024-44982
* CVE-2024-44987
* CVE-2024-44998
* CVE-2024-44999
* CVE-2024-45008
* CVE-2024-46673
* CVE-2024-46675
* CVE-2024-46676
* CVE-2024-46677
* CVE-2024-46679
* CVE-2024-46685
* CVE-2024-46686
* CVE-2024-46702
* CVE-2024-46707
* CVE-2024-46714
* CVE-2024-46715
* CVE-2024-46717
* CVE-2024-46720
* CVE-2024-46721
* CVE-2024-46722
* CVE-2024-46723
* CVE-2024-46727
* CVE-2024-46731
* CVE-2024-46737
* CVE-2024-46738
* CVE-2024-46739
* CVE-2024-46743
* CVE-2024-46744
* CVE-2024-46745
* CVE-2024-46746
* CVE-2024-46747
* CVE-2024-46750
* CVE-2024-46753
* CVE-2024-46759
* CVE-2024-46761
* CVE-2024-46770
* CVE-2024-46772
* CVE-2024-46773
* CVE-2024-46774
* CVE-2024-46778
* CVE-2024-46783
* CVE-2024-46784
* CVE-2024-46787
* CVE-2024-46822
* CVE-2024-46853
* CVE-2024-46854
* CVE-2024-46859

CVSS scores:

* CVE-2021-4442 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-4442 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47387 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47408 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47620 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47620 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2021-47622 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48799 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48844 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48943 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52766 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27024 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-38381 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-38381 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41000 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41073 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41079 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43884 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43884 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43904 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43904 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43912 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43912 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44972 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 
( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46761 ( SUSE ): 5.9 
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46770 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46853 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46854 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46854 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46859 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Real Time 12 SP5
* SUSE Linux Enterprise Server 12 SP5

An update that solves 90 vulnerabilities and has eight security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
* CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
* CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
* CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
* CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).
* CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
* CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
* CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
* CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
* CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
* CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).
* CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
* CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
* CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
* CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
* CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
* CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
* CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
* CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
* CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
* CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
* CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
* CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
* CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
* CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
* CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
* CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).
* CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
* CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
* CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
* CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
* CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).

The following non-security bugs were fixed:

* ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes).
* ACPI / EC: Clean up EC GPE mask flag (git-fixes).
* ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
* ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).
* ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).
* ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
* ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).
* ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes).
* af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
* af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
* af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
* autofs4: use wait_event_killable (bsc#1207341).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Fix bsc#1054914 reference.
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).
* kabi fix for proc/mounts: add cursor (bsc#1207341).
* kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities.
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* media: vivid: avoid integer overflow (git-fixes).
* media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
* media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
* media: vivid: s_fbuf: add more sanity checks (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
* net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).
* powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
* powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).
* powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).
* powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).
* powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).
* powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).
* powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).
* powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).
* powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
* powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).
* powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).
* powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).
* powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).
* powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826 ltc#205848).
* powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).
* powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).
* powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
* powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729).
* powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
* powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848).
* powerpc/lib: Fix "integer constant is too large" build failure (bsc#1230826 ltc#205848).
* powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).
* powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).
* powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).
* powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729).
* powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
* powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).
* powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).
* powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).
* powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).
* powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).
* powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).
* powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).
* powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
* powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).
* powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).
* powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).
* powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
* proc/mounts: add cursor (bsc#1207341).
* profiling: fix shift too large makes kernel panic (git-fixes).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk" (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usbnet: fix cyclical race on disconnect with work queue (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2024-3566=1

## Package List:

* SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  * ocfs2-kmp-rt-4.12.14-10.203.1
  * kernel-rt_debug-devel-4.12.14-10.203.1
  * cluster-md-kmp-rt-debuginfo-4.12.14-10.203.1
  * kernel-rt-debugsource-4.12.14-10.203.1
  * kernel-rt_debug-devel-debuginfo-4.12.14-10.203.1
  * kernel-rt_debug-debuginfo-4.12.14-10.203.1
  * kernel-syms-rt-4.12.14-10.203.1
  * cluster-md-kmp-rt-4.12.14-10.203.1
  * kernel-rt_debug-debugsource-4.12.14-10.203.1
  * kernel-rt-devel-4.12.14-10.203.1
  * dlm-kmp-rt-4.12.14-10.203.1
  * gfs2-kmp-rt-debuginfo-4.12.14-10.203.1
  * gfs2-kmp-rt-4.12.14-10.203.1
  * kernel-rt-devel-debuginfo-4.12.14-10.203.1
  * kernel-rt-base-4.12.14-10.203.1
  * kernel-rt-debuginfo-4.12.14-10.203.1
  * kernel-rt-base-debuginfo-4.12.14-10.203.1
  * dlm-kmp-rt-debuginfo-4.12.14-10.203.1
  * ocfs2-kmp-rt-debuginfo-4.12.14-10.203.1
* SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  * kernel-source-rt-4.12.14-10.203.1
  * kernel-devel-rt-4.12.14-10.203.1
* SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  * kernel-rt_debug-4.12.14-10.203.1
  * kernel-rt-4.12.14-10.203.1

## References:

* https://www.suse.com/security/cve/CVE-2021-4442.html * https://www.suse.com/security/cve/CVE-2021-47387.html * https://www.suse.com/security/cve/CVE-2021-47408.html * https://www.suse.com/security/cve/CVE-2021-47620.html * https://www.suse.com/security/cve/CVE-2021-47622.html * https://www.suse.com/security/cve/CVE-2022-48788.html * https://www.suse.com/security/cve/CVE-2022-48789.html * https://www.suse.com/security/cve/CVE-2022-48790.html * https://www.suse.com/security/cve/CVE-2022-48791.html * https://www.suse.com/security/cve/CVE-2022-48799.html * https://www.suse.com/security/cve/CVE-2022-48844.html * https://www.suse.com/security/cve/CVE-2022-48911.html * https://www.suse.com/security/cve/CVE-2022-48943.html *
https://www.suse.com/security/cve/CVE-2022-48945.html * https://www.suse.com/security/cve/CVE-2023-52766.html * https://www.suse.com/security/cve/CVE-2023-52915.html * https://www.suse.com/security/cve/CVE-2024-27024.html * https://www.suse.com/security/cve/CVE-2024-38381.html * https://www.suse.com/security/cve/CVE-2024-38596.html * https://www.suse.com/security/cve/CVE-2024-38632.html * https://www.suse.com/security/cve/CVE-2024-40973.html * https://www.suse.com/security/cve/CVE-2024-41000.html * https://www.suse.com/security/cve/CVE-2024-41073.html * https://www.suse.com/security/cve/CVE-2024-41079.html * https://www.suse.com/security/cve/CVE-2024-41082.html * https://www.suse.com/security/cve/CVE-2024-42154.html * https://www.suse.com/security/cve/CVE-2024-42265.html * https://www.suse.com/security/cve/CVE-2024-42305.html * https://www.suse.com/security/cve/CVE-2024-42306.html * https://www.suse.com/security/cve/CVE-2024-43884.html * https://www.suse.com/security/cve/CVE-2024-43890.html * https://www.suse.com/security/cve/CVE-2024-43898.html * https://www.suse.com/security/cve/CVE-2024-43904.html * https://www.suse.com/security/cve/CVE-2024-43912.html * https://www.suse.com/security/cve/CVE-2024-43914.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-44947.html * https://www.suse.com/security/cve/CVE-2024-44948.html * https://www.suse.com/security/cve/CVE-2024-44950.html * https://www.suse.com/security/cve/CVE-2024-44952.html * https://www.suse.com/security/cve/CVE-2024-44954.html * https://www.suse.com/security/cve/CVE-2024-44969.html * https://www.suse.com/security/cve/CVE-2024-44972.html * https://www.suse.com/security/cve/CVE-2024-44982.html * https://www.suse.com/security/cve/CVE-2024-44987.html * https://www.suse.com/security/cve/CVE-2024-44998.html * https://www.suse.com/security/cve/CVE-2024-44999.html * https://www.suse.com/security/cve/CVE-2024-45008.html * 
https://www.suse.com/security/cve/CVE-2024-46673.html * https://www.suse.com/security/cve/CVE-2024-46675.html * https://www.suse.com/security/cve/CVE-2024-46676.html * https://www.suse.com/security/cve/CVE-2024-46677.html * https://www.suse.com/security/cve/CVE-2024-46679.html * https://www.suse.com/security/cve/CVE-2024-46685.html * https://www.suse.com/security/cve/CVE-2024-46686.html * https://www.suse.com/security/cve/CVE-2024-46702.html * https://www.suse.com/security/cve/CVE-2024-46707.html * https://www.suse.com/security/cve/CVE-2024-46714.html * https://www.suse.com/security/cve/CVE-2024-46715.html * https://www.suse.com/security/cve/CVE-2024-46717.html * https://www.suse.com/security/cve/CVE-2024-46720.html * https://www.suse.com/security/cve/CVE-2024-46721.html * https://www.suse.com/security/cve/CVE-2024-46722.html * https://www.suse.com/security/cve/CVE-2024-46723.html * https://www.suse.com/security/cve/CVE-2024-46727.html * https://www.suse.com/security/cve/CVE-2024-46731.html * https://www.suse.com/security/cve/CVE-2024-46737.html * https://www.suse.com/security/cve/CVE-2024-46738.html * https://www.suse.com/security/cve/CVE-2024-46739.html * https://www.suse.com/security/cve/CVE-2024-46743.html * https://www.suse.com/security/cve/CVE-2024-46744.html * https://www.suse.com/security/cve/CVE-2024-46745.html * https://www.suse.com/security/cve/CVE-2024-46746.html * https://www.suse.com/security/cve/CVE-2024-46747.html * https://www.suse.com/security/cve/CVE-2024-46750.html * https://www.suse.com/security/cve/CVE-2024-46753.html * https://www.suse.com/security/cve/CVE-2024-46759.html * https://www.suse.com/security/cve/CVE-2024-46761.html * https://www.suse.com/security/cve/CVE-2024-46770.html * https://www.suse.com/security/cve/CVE-2024-46772.html * https://www.suse.com/security/cve/CVE-2024-46773.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://www.suse.com/security/cve/CVE-2024-46778.html * 
https://www.suse.com/security/cve/CVE-2024-46783.html * https://www.suse.com/security/cve/CVE-2024-46784.html * https://www.suse.com/security/cve/CVE-2024-46787.html * https://www.suse.com/security/cve/CVE-2024-46822.html * https://www.suse.com/security/cve/CVE-2024-46853.html * https://www.suse.com/security/cve/CVE-2024-46854.html * https://www.suse.com/security/cve/CVE-2024-46859.html * https://bugzilla.suse.com/show_bug.cgi?id=1054914 * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1207341 * https://bugzilla.suse.com/show_bug.cgi?id=1223777 * https://bugzilla.suse.com/show_bug.cgi?id=1225316 * https://bugzilla.suse.com/show_bug.cgi?id=1226669 * https://bugzilla.suse.com/show_bug.cgi?id=1226846 * https://bugzilla.suse.com/show_bug.cgi?id=1226860 * https://bugzilla.suse.com/show_bug.cgi?id=1226878 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1227867 * https://bugzilla.suse.com/show_bug.cgi?id=1227890 * https://bugzilla.suse.com/show_bug.cgi?id=1227917 * https://bugzilla.suse.com/show_bug.cgi?id=1227941 * https://bugzilla.suse.com/show_bug.cgi?id=1227952 * https://bugzilla.suse.com/show_bug.cgi?id=1227953 * https://bugzilla.suse.com/show_bug.cgi?id=1228000 * https://bugzilla.suse.com/show_bug.cgi?id=1228002 * https://bugzilla.suse.com/show_bug.cgi?id=1228068 * https://bugzilla.suse.com/show_bug.cgi?id=1228507 * https://bugzilla.suse.com/show_bug.cgi?id=1228615 * https://bugzilla.suse.com/show_bug.cgi?id=1228620 * https://bugzilla.suse.com/show_bug.cgi?id=1228635 * https://bugzilla.suse.com/show_bug.cgi?id=1229334 * https://bugzilla.suse.com/show_bug.cgi?id=1229362 * https://bugzilla.suse.com/show_bug.cgi?id=1229363 * https://bugzilla.suse.com/show_bug.cgi?id=1229456 * https://bugzilla.suse.com/show_bug.cgi?id=1229457 * https://bugzilla.suse.com/show_bug.cgi?id=1229633 * https://bugzilla.suse.com/show_bug.cgi?id=1229645 * 
https://bugzilla.suse.com/show_bug.cgi?id=1229739 * https://bugzilla.suse.com/show_bug.cgi?id=1229753 * https://bugzilla.suse.com/show_bug.cgi?id=1229764 * https://bugzilla.suse.com/show_bug.cgi?id=1229768 * https://bugzilla.suse.com/show_bug.cgi?id=1229790 * https://bugzilla.suse.com/show_bug.cgi?id=1229830 * https://bugzilla.suse.com/show_bug.cgi?id=1229912 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230151 * https://bugzilla.suse.com/show_bug.cgi?id=1230171 * https://bugzilla.suse.com/show_bug.cgi?id=1230174 * https://bugzilla.suse.com/show_bug.cgi?id=1230176 * https://bugzilla.suse.com/show_bug.cgi?id=1230178 * https://bugzilla.suse.com/show_bug.cgi?id=1230180 * https://bugzilla.suse.com/show_bug.cgi?id=1230185 * https://bugzilla.suse.com/show_bug.cgi?id=1230200 * https://bugzilla.suse.com/show_bug.cgi?id=1230204 * https://bugzilla.suse.com/show_bug.cgi?id=1230212 * https://bugzilla.suse.com/show_bug.cgi?id=1230233 * https://bugzilla.suse.com/show_bug.cgi?id=1230248 * https://bugzilla.suse.com/show_bug.cgi?id=1230270 * https://bugzilla.suse.com/show_bug.cgi?id=1230398 * https://bugzilla.suse.com/show_bug.cgi?id=1230506 * https://bugzilla.suse.com/show_bug.cgi?id=1230515 * https://bugzilla.suse.com/show_bug.cgi?id=1230517 * https://bugzilla.suse.com/show_bug.cgi?id=1230533 * https://bugzilla.suse.com/show_bug.cgi?id=1230535 * https://bugzilla.suse.com/show_bug.cgi?id=1230549 * https://bugzilla.suse.com/show_bug.cgi?id=1230556 * https://bugzilla.suse.com/show_bug.cgi?id=1230582 * https://bugzilla.suse.com/show_bug.cgi?id=1230589 * https://bugzilla.suse.com/show_bug.cgi?id=1230620 * https://bugzilla.suse.com/show_bug.cgi?id=1230699 * https://bugzilla.suse.com/show_bug.cgi?id=1230700 * https://bugzilla.suse.com/show_bug.cgi?id=1230702 * https://bugzilla.suse.com/show_bug.cgi?id=1230707 * https://bugzilla.suse.com/show_bug.cgi?id=1230709 * https://bugzilla.suse.com/show_bug.cgi?id=1230710 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230712 * https://bugzilla.suse.com/show_bug.cgi?id=1230719 * https://bugzilla.suse.com/show_bug.cgi?id=1230724 * https://bugzilla.suse.com/show_bug.cgi?id=1230730 * https://bugzilla.suse.com/show_bug.cgi?id=1230731 * https://bugzilla.suse.com/show_bug.cgi?id=1230732 * https://bugzilla.suse.com/show_bug.cgi?id=1230747 * https://bugzilla.suse.com/show_bug.cgi?id=1230748 * https://bugzilla.suse.com/show_bug.cgi?id=1230751 * https://bugzilla.suse.com/show_bug.cgi?id=1230752 * https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230763 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * https://bugzilla.suse.com/show_bug.cgi?id=1230772 * https://bugzilla.suse.com/show_bug.cgi?id=1230776 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230791 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230826 * https://bugzilla.suse.com/show_bug.cgi?id=1231083 * https://bugzilla.suse.com/show_bug.cgi?id=1231084 * https://bugzilla.suse.com/show_bug.cgi?id=1231089 * https://bugzilla.suse.com/show_bug.cgi?id=1231120 * https://bugzilla.suse.com/show_bug.cgi?id=1231146 * https://bugzilla.suse.com/show_bug.cgi?id=1231184

From null at suse.de Wed Oct 9 12:38:05 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 12:38:05 -0000
Subject: SUSE-SU-2024:3563-1: important: Security update for the Linux Kernel
Message-ID: <172847748562.6932.232876972823467328@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3563-1
Release Date: 2024-10-09T09:04:26Z
Rating: important

References:

* bsc#1216223
* bsc#1223600
* bsc#1223958
* bsc#1225272
* bsc#1227487
* bsc#1229407
* bsc#1229633
* bsc#1229662
* bsc#1229947
* bsc#1230015
* bsc#1230398
* bsc#1230434
* bsc#1230507
* bsc#1230767
* bsc#1231016

Cross-References:

* CVE-2022-48911
* CVE-2022-48923
* CVE-2022-48944
* CVE-2022-48945
* CVE-2024-42301
* CVE-2024-44946
* CVE-2024-45021
* CVE-2024-46674
* CVE-2024-46774

CVSS scores:

* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48923 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-48923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48944 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-48944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42301 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42301 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves nine vulnerabilities and has six security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
* CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).

The following non-security bugs were fixed:

* SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* kabi: add __nf_queue_get_refs() for kabi compliance.
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-3563=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-3563=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-3563=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-3563=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.97.1 * kernel-rt-debuginfo-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-source-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.97.1 * kernel-rt-debuginfo-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-source-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.97.1 * kernel-rt-debuginfo-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-source-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.97.1 * kernel-rt-debuginfo-5.14.21-150400.15.97.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-source-rt-5.14.21-150400.15.97.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48911.html * https://www.suse.com/security/cve/CVE-2022-48923.html * https://www.suse.com/security/cve/CVE-2022-48944.html * https://www.suse.com/security/cve/CVE-2022-48945.html * 
https://www.suse.com/security/cve/CVE-2024-42301.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-45021.html * https://www.suse.com/security/cve/CVE-2024-46674.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://bugzilla.suse.com/show_bug.cgi?id=1216223 * https://bugzilla.suse.com/show_bug.cgi?id=1223600 * https://bugzilla.suse.com/show_bug.cgi?id=1223958 * https://bugzilla.suse.com/show_bug.cgi?id=1225272 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1229407 * https://bugzilla.suse.com/show_bug.cgi?id=1229633 * https://bugzilla.suse.com/show_bug.cgi?id=1229662 * https://bugzilla.suse.com/show_bug.cgi?id=1229947 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230398 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230507 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1231016 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Oct 9 12:41:01 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 12:41:01 -0000
Subject: SUSE-SU-2024:3561-1: important: Security update for the Linux Kernel
Message-ID: <172847766182.6932.4428794318527882508@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3561-1
Release Date: 2024-10-09T08:45:37Z
Rating: important

References:

* bsc#1012628
* bsc#1183045
* bsc#1215199
* bsc#1216223
* bsc#1216776
* bsc#1220382
* bsc#1221527
* bsc#1221610
* bsc#1221650
* bsc#1222629
* bsc#1223600
* bsc#1223848
* bsc#1225487
* bsc#1225812
* bsc#1225903
* bsc#1226003
* bsc#1226507
* bsc#1226606
* bsc#1226666
* bsc#1226846
* bsc#1226860
* bsc#1227487
* bsc#1227694
* bsc#1227726
* bsc#1227819
* bsc#1227885
* bsc#1227890
* bsc#1227962
* bsc#1228090
* bsc#1228140
* bsc#1228244
* bsc#1228507
* bsc#1228771
* bsc#1229001
* bsc#1229004
* bsc#1229019
* bsc#1229086
* bsc#1229167
* bsc#1229169
* bsc#1229289
* bsc#1229334
* bsc#1229362
* bsc#1229363
* bsc#1229364
* bsc#1229371
* bsc#1229380
* bsc#1229389
* bsc#1229394
* bsc#1229429
* bsc#1229443
* bsc#1229452
* bsc#1229455
* bsc#1229456
* bsc#1229494
* bsc#1229585
* bsc#1229753
* bsc#1229764
* bsc#1229768
* bsc#1229790
* bsc#1229810
* bsc#1229899
* bsc#1229928
* bsc#1230015
* bsc#1230119
* bsc#1230123
* bsc#1230124
* bsc#1230125
* bsc#1230169
* bsc#1230170
* bsc#1230171
* bsc#1230173
* bsc#1230174
* bsc#1230175
* bsc#1230176
* bsc#1230178
* bsc#1230180
* bsc#1230181
* bsc#1230185
* bsc#1230191
* bsc#1230192
* bsc#1230193
* bsc#1230194
* bsc#1230195
* bsc#1230200
* bsc#1230204
* bsc#1230206
* bsc#1230207
* bsc#1230209
* bsc#1230211
* bsc#1230213
* bsc#1230217
* bsc#1230221
* bsc#1230224
* bsc#1230230
* bsc#1230232
* bsc#1230233
* bsc#1230240
* bsc#1230244
* bsc#1230245
* bsc#1230247
* bsc#1230248
* bsc#1230269
* bsc#1230270
* bsc#1230295
* bsc#1230340
* bsc#1230426
* bsc#1230430
* bsc#1230431
* bsc#1230432
* bsc#1230433
* bsc#1230434
* bsc#1230435
* bsc#1230440
* bsc#1230441
* bsc#1230442
* bsc#1230444
* bsc#1230450
* bsc#1230451
* bsc#1230454
* bsc#1230455
* bsc#1230457
* bsc#1230459
* bsc#1230506
* bsc#1230507
* bsc#1230511
* bsc#1230515
* bsc#1230517
* bsc#1230518
* bsc#1230519
* bsc#1230520
* bsc#1230521
* bsc#1230524
* bsc#1230526
* bsc#1230533
* bsc#1230535
* bsc#1230539
* bsc#1230540
* bsc#1230549
* bsc#1230556
* bsc#1230562
* bsc#1230563
* bsc#1230564
* bsc#1230580
* bsc#1230582
* bsc#1230589
* bsc#1230602
* bsc#1230699
* bsc#1230700
* bsc#1230701
* bsc#1230702
* bsc#1230703
* bsc#1230704
* bsc#1230705
* bsc#1230706
* bsc#1230709
* bsc#1230711
* bsc#1230712
* bsc#1230715
* bsc#1230719
* bsc#1230722
* bsc#1230724
* bsc#1230725
* bsc#1230726
* bsc#1230727
* bsc#1230730
* bsc#1230731
* bsc#1230732
* bsc#1230747
* bsc#1230748
* bsc#1230749
* bsc#1230751
* bsc#1230752
* bsc#1230753
* bsc#1230756
* bsc#1230761
* bsc#1230766
* bsc#1230767
* bsc#1230768
* bsc#1230771
* bsc#1230772
* bsc#1230775
* bsc#1230776
* bsc#1230780
* bsc#1230783
* bsc#1230786
* bsc#1230787
* bsc#1230791
* bsc#1230794
* bsc#1230796
* bsc#1230802
* bsc#1230806
* bsc#1230808
* bsc#1230809
* bsc#1230810
* bsc#1230812
* bsc#1230813
* bsc#1230814
* bsc#1230815
* bsc#1230821
* bsc#1230825
* bsc#1230830
* bsc#1230831
* bsc#1230854
* bsc#1230948
* bsc#1231008
* bsc#1231035
* bsc#1231120
* bsc#1231146
* bsc#1231182
* bsc#1231183
* jsc#PED-10954
* jsc#PED-9899

Cross-References:

* CVE-2023-52610
* CVE-2023-52752
* CVE-2023-52915
* CVE-2023-52916
* CVE-2024-26640
* CVE-2024-26759
* CVE-2024-26804
* CVE-2024-36953
* CVE-2024-38538
* CVE-2024-38596
* CVE-2024-38632
* CVE-2024-40965
* CVE-2024-40973
* CVE-2024-40983
* CVE-2024-42154
* CVE-2024-42243
* CVE-2024-42252
* CVE-2024-42265
* CVE-2024-42294
* CVE-2024-42304
* CVE-2024-42305
* CVE-2024-42306
* CVE-2024-43828
* CVE-2024-43832
* CVE-2024-43835
* CVE-2024-43845
* CVE-2024-43870
* CVE-2024-43890
* CVE-2024-43898
* CVE-2024-43904
* CVE-2024-43914
* CVE-2024-44935
* CVE-2024-44944
* CVE-2024-44946
* CVE-2024-44947
* CVE-2024-44948
* CVE-2024-44950
* CVE-2024-44951
* CVE-2024-44952
* CVE-2024-44954
* CVE-2024-44960
* CVE-2024-44961
* CVE-2024-44962
* CVE-2024-44965
* CVE-2024-44967
* CVE-2024-44969
* CVE-2024-44970
* CVE-2024-44971
* CVE-2024-44977
* CVE-2024-44982
* CVE-2024-44984
* CVE-2024-44985
* CVE-2024-44986
* CVE-2024-44987
* CVE-2024-44988
* CVE-2024-44989
* CVE-2024-44990
* CVE-2024-44991
* CVE-2024-44997
* CVE-2024-44998
* CVE-2024-44999
* CVE-2024-45000
* CVE-2024-45001
* CVE-2024-45002
* CVE-2024-45003
* CVE-2024-45005
* CVE-2024-45006
* CVE-2024-45007
* CVE-2024-45008
* CVE-2024-45011
* CVE-2024-45012
* CVE-2024-45013
* CVE-2024-45015
* CVE-2024-45017
* CVE-2024-45018
* CVE-2024-45019
* CVE-2024-45020
* CVE-2024-45021
* CVE-2024-45022
* CVE-2024-45023
* CVE-2024-45026
* CVE-2024-45028
* CVE-2024-45029
* CVE-2024-45030
* CVE-2024-46672
* CVE-2024-46673
* CVE-2024-46674
* CVE-2024-46675
* CVE-2024-46676
* CVE-2024-46677
* CVE-2024-46679
* CVE-2024-46685
* CVE-2024-46686
* CVE-2024-46687
* CVE-2024-46689
* CVE-2024-46691
* CVE-2024-46692
* CVE-2024-46693
* CVE-2024-46694
* CVE-2024-46695
* CVE-2024-46702
* CVE-2024-46706
* CVE-2024-46707
* CVE-2024-46709
* CVE-2024-46710
* CVE-2024-46714
* CVE-2024-46715
* CVE-2024-46716
* CVE-2024-46717
* CVE-2024-46719
* CVE-2024-46720
* CVE-2024-46722
* CVE-2024-46723
* CVE-2024-46724
* CVE-2024-46725
* CVE-2024-46726
* CVE-2024-46728
* CVE-2024-46729
* CVE-2024-46730
* CVE-2024-46731
* CVE-2024-46732
* CVE-2024-46734
* CVE-2024-46735
* CVE-2024-46737
* CVE-2024-46738
* CVE-2024-46739
* CVE-2024-46741
* CVE-2024-46743
* CVE-2024-46744
* CVE-2024-46745
* CVE-2024-46746
* CVE-2024-46747
* CVE-2024-46749
* CVE-2024-46750
* CVE-2024-46751
* CVE-2024-46752
* CVE-2024-46753
* CVE-2024-46755
* CVE-2024-46756
* CVE-2024-46757
* CVE-2024-46758
* CVE-2024-46759
* CVE-2024-46760
* CVE-2024-46761
* CVE-2024-46767
* CVE-2024-46771
* CVE-2024-46772
* CVE-2024-46773
* CVE-2024-46774
* CVE-2024-46776
* CVE-2024-46778
* CVE-2024-46780
* CVE-2024-46781
* CVE-2024-46783
* CVE-2024-46784
* CVE-2024-46786
* CVE-2024-46787
* CVE-2024-46791
* CVE-2024-46794
* CVE-2024-46797
* CVE-2024-46798
* CVE-2024-46822

CVSS scores:

* CVE-2023-52610 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36953 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40965 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-42243 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42243 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42243 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42252 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42252 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42252 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-42294 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42294 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43828 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43832 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43845 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43904 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43904 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44944 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44960 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-44960 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
* CVE-2024-44960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44961 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-44961 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44961 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44962 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-44962 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44962 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44984 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-44985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44985 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44986 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44989 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44997 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45002 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45002 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45005 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45012 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-45012 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45013 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45017 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-45018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45019 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45023 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45023 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45030 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46672 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46672 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
* CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46687 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46687 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46691 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46693 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46706 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46709 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46709 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46710 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46716 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-46717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46719 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46729 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46734 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46734 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46735 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46735 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46735 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46741 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46741 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46741 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46746 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46749 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46749 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46749 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46751 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46757 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46757 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46757 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46760 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46760 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-46797 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46797 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46798 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves 162 vulnerabilities, contains two features and has 48 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
* CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
* CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
* CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
* CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
* CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001).
* CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371).
* CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
* CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380).
* CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
* CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240).
* CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435).
* CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518).
* CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526).
* CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520).
* CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521).
* CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704).
* CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727).
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).

The following non-security bugs were fixed:

* ABI: testing: fix admv8818 attr description (git-fixes).
* ACPI: CPPC: Add helper to get the highest performance value (stable-fixes).
* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes).
* ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes).
* ALSA: control: Apply sanity check of input values for user elements (stable-fixes).
* ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
* ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes).
* ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes).
* ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
* ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes).
* ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes).
* ALSA: hda: cs35l41: fix module autoloading (git-fixes).
* ARM: 9406/1: Fix callchain_trace() return value (git-fixes).
* ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes).
* ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes).
* ASoC: cs42l42: Convert comma to semicolon (git-fixes).
* ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
* ASoC: intel: fix module autoloading (stable-fixes).
* ASoC: meson: Remove unused declartion in header file (git-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
* ASoC: soc-ac97: Fix the incorrect description (git-fixes).
* ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
* ASoC: tas2781-i2c: Get the right GPIO line (git-fixes).
* ASoC: tda7419: fix module autoloading (stable-fixes).
* ASoC: tegra: Fix CBB error during probe() (git-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
* ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes).
* Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
* Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes).
* Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962).
* Documentation: ioctl: document 0x07 ioctl code (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* HID: multitouch: Add support for GT7868Q (stable-fixes).
* HID: wacom: Do not warn about dropped packets for first packet (git-fixes).
* HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* Input: adp5588-keys - fix check on return code (git-fixes).
* Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
* Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
* Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes).
* Input: tsc2004/5 - fix reset handling on probe (git-fixes).
* Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes).
* KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
* KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
* KVM: arm64: Block unsafe FF-A calls from the host (git-fixes).
* KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes).
* KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes).
* KVM: arm64: Do not re-initialize the KVM lock (git-fixes).
* KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
* KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes).
* KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
* KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes).
* KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
* KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes).
* Move fixes into sorted section (bsc#1230119)
* NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
* NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
* NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes).
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes).
* PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
* RDMA/erdma: Return QP state in erdma_query_qp (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes)
* RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes)
* RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes)
* RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes)
* RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes)
* RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes)
* RDMA/mlx5: Obtain upper net device only when needed (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
* Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (git-fixes).
* Revert "PCI: Extend ACS configurability (bsc#1228090)." (bsc#1229019)
* Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" (stable-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
* Revert "mm/sparsemem: fix race in accessing memory_section->usage"
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
* Squashfs: sanity check symbolic link size (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (git-fixes).
* USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
* afs: Do not cross .backup mountpoint from backup volume (git-fixes).
* afs: Revert "afs: Hide silly-rename files from userspace" (git-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes).
* arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes).
* arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes).
* arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
* arm64: signal: Fix some under-bracketed UAPI macros (git-fixes).
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes).
* ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes).
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* bpf, events: Use prog to emit ksymbol event for main program (git-fixes).
* bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes).
* btrfs: fix race between direct IO write and fsync when using same fd (git-fixes).
* btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854).
* bus: integrator-lm: fix OF node leak in probe() (git-fixes).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008).
* cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: bcm: Remove proc entry when dev is unregistered (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes).
* can: m_can: Release irq on error in m_can_open (git-fixes).
* can: m_can: enable NAPI before enabling interrupts (git-fixes).
* can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes).
* can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
* can: mcp251xfd: clarify the meaning of timestamp (stable-fixes).
* can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes).
* can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes).
* can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes).
* can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes).
* can: mcp251xfd: properly indent labels (stable-fixes).
* can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
* can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182).
* clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
* clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
* clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
* clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
* clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes).
* clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes).
* clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes).
* clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes).
* clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes).
* clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes).
* clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes).
* clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes).
* cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes).
* cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes).
* cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes).
* crypto: iaa - Fix potential use after free bug (git-fixes).
* crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* cxl/core: Fix incorrect vendor debug UUID define (git-fixes).
* cxl/pci: Fix to record only non-zero ranges (git-fixes).
* devres: Initialize an uninitialized struct member (stable-fixes).
* dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes).
* dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes).
* dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes).
* dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes).
* driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes).
* driver core: Fix error handling in driver API device_rename() (git-fixes).
* driver: iio: add missing checks on iio_info's callback access (stable-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
* drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes).
* drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes).
* drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
* drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes).
* drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes).
* drm/amd/display: Check BIOS images before it is used (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check gpio_id before used as array index (stable-fixes).
* drm/amd/display: Check index for aux_rd_interval before using (stable-fixes).
* drm/amd/display: Check msg_id before processing transcation (stable-fixes).
* drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
* drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
* drm/amd/display: Defer handling mst up request in resume (stable-fixes).
* drm/amd/display: Disable error correction if it's not supported (stable-fixes).
* drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes).
* drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes).
* drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes).
* drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes).
* drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes).
* drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes).
* drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes).
* drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes).
* drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes).
* drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes).
* drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes).
* drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
* drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
* drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes).
* drm/amd/display: Spinlock before reading event (stable-fixes).
* drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
* drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes).
* drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
* drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes).
* drm/amd/display: use preferred link settings for dp signal only (stable-fixes).
* drm/amd/pm: Fix negative array index read (stable-fixes).
* drm/amd/pm: check negtive return for table entries (stable-fixes).
* drm/amd/pm: check specific index for aldebaran (stable-fixes).
* drm/amd/pm: check specific index for smu13 (stable-fixes).
* drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
* drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
* drm/amd: Add gfx12 swizzle mode defs (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes).
* drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
* drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
* drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes).
* drm/amdgpu: Fix get each xcp macro (git-fixes).
* drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
* drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
* drm/amdgpu: Fix smatch static checker warning (stable-fixes).
* drm/amdgpu: Fix the uninitialized variable warning (stable-fixes).
* drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes).
* drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes).
* drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
* drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes).
* drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes).
* drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes).
* drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes).
* drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes).
* drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
* drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
* drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
* drm/amdgpu: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes).
* drm/amdgpu: fix dereference after null check (stable-fixes).
* drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
* drm/amdgpu: fix overflowed array index read warning (stable-fixes).
* drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes).
* drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
* drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
* drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
* drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes).
* drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
* drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes).
* drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
* drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
* drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes).
* drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes).
* drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
* drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
* drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
* drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes).
* drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes).
* drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes).
* drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
* drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
* drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
* drm/i915: Do not attempt to load the GSC multiple times (git-fixes).
* drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes).
* drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes).
* drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes).
* drm/meson: plane: Add error handling (stable-fixes).
* drm/msm/a5xx: disable preemption in submits by default (git-fixes).
* drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
* drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
* drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
* drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
* drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes).
* drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
* drm/msm: fix %s null argument error (git-fixes).
* drm/nouveau/fb: restore init() for ramgp102 (git-fixes).
* drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
* drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
* drm/radeon: properly handle vbios fake edid sizing (git-fixes).
* drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
* drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
* drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes).
* drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes).
* drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes).
* drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
* drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes).
* drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes).
* drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
* drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
* ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes).
* erofs: fix incorrect symlink detection in fast symlink (git-fixes).
* exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
* fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
* firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes).
* firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
* firmware_loader: Block path traversal (git-fixes).
* fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602).
* fuse: fix memory leak in fuse_create_open (bsc#1230124).
* fuse: update stats for pages in dropped aux writeback list (bsc#1230125).
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123).
* gpio: modepin: Enable module autoloading (git-fixes).
* gpio: rockchip: fix OF node leak in probe() (git-fixes).
* hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes).
* hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes).
* hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
* hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
* hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes).
* hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
* hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
* hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
* hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
* i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
* i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes).
* i2c: isch: Add missed 'else' (git-fixes).
* i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
* i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes).
* i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
* iio: adc: ad7124: fix chip ID mismatch (git-fixes).
* iio: adc: ad7124: fix config comparison (git-fixes).
* iio: adc: ad7606: fix oversampling gpio array (git-fixes).
* iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
* iio: adc: ad7606: remove frstdata check for serial mode (git-fixes).
* iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
* iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
* iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
* iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206)
* jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
* kABI workaround for cros_ec stuff (git-fixes).
* kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
* kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes).
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* leds: spi-byte: Call of_node_put() on error path (stable-fixes).
* lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes).
* lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
* mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
* mailbox: rockchip: fix a typo in module autoloading (git-fixes).
* media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes).
* media: ov5675: Fix power on/off delay timings (git-fixes).
* media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes).
* media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
* media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes).
* media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
* media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
* media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
* media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
* media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
* media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
* media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
* memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes).
* memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes).
* minmax: reduce min/max macro expansion in atomisp driver (git-fixes).
* misc: fastrpc: Fix double free of 'buf' in error path (git-fixes).
* mmc: core: apply SD quirks earlier during probe (git-fixes).
* mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
* mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
* mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
* module: Fix KCOV-ignored file name (git-fixes).
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
* mtd: slram: insert break after errors in parsing the map (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: phy: Fix missing of_node_put() for leds (git-fixes).
* net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes).
* net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
* net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes).
* nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
* nilfs2: determine empty node blocks as corrupted (git-fixes).
* nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
* nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
* nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
* nilfs2: fix state management in error path of log writing function (git-fixes).
* nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
* nouveau: fix the fwsec sb verification register (git-fixes).
* nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244).
* nvme-multipath: system fails to create generic nvme device (bsc#1228244).
* nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
* nvme-pci: allocate tagset on reset if necessary (git-fixes).
* nvme-tcp: fix link failure for TCP auth (git-fixes).
* nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
* nvme: clear caller pointer on identify failure (git-fixes).
* nvme: fix namespace removal list (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
* nvmet-tcp: do not continue for invalid icreq (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet-trace: avoid dereferencing pointer too early (git-fixes).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
* pcmcia: Use resource_size function on resource object (stable-fixes).
* perf annotate: Introduce global annotation_options (git-fixes).
* perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes).
* perf annotate: Use global annotation_options (git-fixes).
* perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes).
* perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes).
* perf intel-pt: Fix exclude_guest setting (git-fixes).
* perf machine thread: Remove exited threads by default (git-fixes).
* perf maps: Move symbol maps functions to maps.c (git-fixes).
* perf pmu: Assume sysfs events are always the same case (git-fixes).
* perf pmus: Fixes always false when compare duplicates aliases (git-fixes).
* perf record: Lazy load kernel symbols (git-fixes).
* perf report: Convert to the global annotation_options (git-fixes).
* perf report: Fix condition in sort__sym_cmp() (git-fixes).
* perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes).
* perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes).
* perf tool: fix dereferencing NULL al->maps (git-fixes).
* perf tools: Add/use PMU reverse lookup from config to name (git-fixes).
* perf tools: Use pmus to describe type from attribute (git-fixes).
* perf top: Convert to the global annotation_options (git-fixes).
* perf/core: Fix missing wakeup when waiting for context reference (git-fixes).
* perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes).
* perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes).
* perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes).
* perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes).
* perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes).
* perf/x86/intel/pt: Fix topa_entry base length (git-fixes).
* perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes).
* perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119).
* perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes).
* perf/x86/intel: Factor out the initialization code for SPR (git fixes).
* perf/x86/intel: Limit the period on Haswell (git-fixes).
* perf/x86/intel: Use the common uarch name for the shared functions (git fixes).
* perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119).
* perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119).
* perf/x86/uncore: Cleanup unused unit structure (bsc#1230119).
* perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119).
* perf/x86/uncore: Save the unit control address of all units (bsc#1230119).
* perf/x86/uncore: Support per PMU cpumask (bsc#1230119).
* perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes).
* perf/x86: Serialize set_attr_rdpmc() (git-fixes).
* perf: Fix default aux_watermark calculation (git-fixes).
* perf: Fix event leak upon exit (git-fixes).
* perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes).
* perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes).
* perf: script: add raw|disasm arguments to --insn-trace option (git-fixes).
* phy: zynqmp: Take the phy mutex in xlate (stable-fixes).
* pinctrl: at91: make it work with current gpiolib (stable-fixes).
* pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes).
* pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
* platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes).
* platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes).
* platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
* platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
* platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
* platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
* platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
* power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
* power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
* power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
* power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
* powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes).
* powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656).
* pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes).
* r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
* regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes).
* regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes).
* regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes).
* regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes).
* regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes).
* regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes).
* regulator: rt5120: Convert comma to semicolon (git-fixes).
* regulator: wm831x-isink: Convert comma to semicolon (git-fixes).
* remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes).
* remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes).
* remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes).
* reset: berlin: fix OF node leak in probe() error path (git-fixes).
* reset: k210: fix OF node leak in probe() error path (git-fixes).
* resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes).
* rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
* rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
* s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694).
* s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes).
* s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562).
* s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563).
* s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564).
* scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes).
* scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes).
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899).
* scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899).
* scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
* selftests: lib: remove strscpy test (git-fixes).
* selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes).
* soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes).
* soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes).
* spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes).
* spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: bcm63xx: Enable module autoloading (stable-fixes).
* spi: bcm63xx: Fix module autoloading (git-fixes).
* spi: meson-spicc: convert comma to semicolon (git-fixes).
* spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
* spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
* spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
* spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes).
* spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
* spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
* spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes).
* spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
* staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
* supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035)
* thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes).
* thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes).
* thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes).
* thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes).
* tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
* tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load (git-fixes).
* tpm: Clean up TPM space after command failure (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usb: cdnsp: Fix incorrect usb_request status (git-fixes).
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
* usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
* usb: dwc3: Avoid waking up gadget during startxfer (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
* usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes).
* usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
* usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes).
* usb: uas: set host status byte on data completion error (stable-fixes).
* usbip: Do not submit special requests twice (stable-fixes).
* usbnet: ipheth: add CDC NCM support (git-fixes).
* usbnet: ipheth: do not stop RX on failing RX callback (git-fixes).
* usbnet: ipheth: drop RX URBs with no payload (git-fixes).
* usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes).
* usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes).
* usbnet: ipheth: race between ipheth_close and error handling (stable-fixes).
* usbnet: ipheth: remove extraneous rx URB length check (git-fixes).
* usbnet: ipheth: transmit URBs without trailing padding (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).
* virtio-net: synchronize probe with ndo_set_features (git-fixes).
* virtio_net: Fix napi_skb_cache_put warning (git-fixes).
* virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
* watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
* wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes).
* wifi: ath12k: fix BSS chan info request WMI command (git-fixes).
* wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes).
* wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes).
* wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes).
* wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes).
* wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes).
* wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes).
* wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
* wifi: brcmfmac: introducing fwil query functions (git-fixes).
* wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
* wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
* wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes).
* wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
* wifi: cfg80211: make hash table duplicates more survivable (stable-fixes).
* wifi: cfg80211: restrict operation during radar detection (stable-fixes).
* wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
* wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
* wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes).
* wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
* wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
* wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes).
* wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes).
* wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes).
* wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes).
* wifi: mac80211: fix the comeback long retry times (git-fixes).
* wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes).
* wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
* wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes).
* wifi: mt76: mt7603: fix mixed declarations and code (git-fixes).
* wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes).
* wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
* wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes).
* wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes).
* wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes).
* wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes).
* wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes).
* wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes).
* wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes).
* wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes).
* wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes).
* wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes).
* wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes).
* wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
* wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
* wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
* wifi: rtw88: remove CPT execution branch never used (git-fixes).
* wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes).
* wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes).
* wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes).
* wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
* x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
* x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443).
* x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
* x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
* x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527).
* x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527).
* x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527).
* x86/pat: Restructure _lookup_address_cpa() (bsc#1221527).
* xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
* xen/swiotlb: fix allocated size (git-fixes).
* xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
* xen: allow mapping ACPI data using a different physical address (bsc#1226003).
* xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
* xen: move checks for e820 conflicts further up (bsc#1226003).
* xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
* xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3561=1 openSUSE-SLE-15.6-2024-3561=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3561=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3561=1
* Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-3561=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3561=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2024-3561=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3561=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
  * kernel-docs-6.4.0-150600.23.25.2
* openSUSE Leap 15.6 (noarch)
  * kernel-docs-html-6.4.0-150600.23.25.2
  * kernel-source-vanilla-6.4.0-150600.23.25.1
  * kernel-devel-6.4.0-150600.23.25.1
  * kernel-source-6.4.0-150600.23.25.1
  * kernel-macros-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
  * kernel-debug-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (ppc64le x86_64)
  * kernel-debug-debugsource-6.4.0-150600.23.25.1
  * kernel-debug-devel-6.4.0-150600.23.25.1
  * kernel-debug-debuginfo-6.4.0-150600.23.25.1
  * kernel-debug-livepatch-devel-6.4.0-150600.23.25.1
  * kernel-debug-devel-debuginfo-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (x86_64)
  * kernel-debug-vdso-6.4.0-150600.23.25.1
  * kernel-default-vdso-debuginfo-6.4.0-150600.23.25.1
  * kernel-kvmsmall-vdso-6.4.0-150600.23.25.1
  * kernel-default-vdso-6.4.0-150600.23.25.1
  * kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.25.1
  * kernel-debug-vdso-debuginfo-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-devel-6.4.0-150600.23.25.1
  * kernel-kvmsmall-debugsource-6.4.0-150600.23.25.1
  * kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.25.1
  * kernel-kvmsmall-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-base-rebuild-6.4.0-150600.23.25.1.150600.12.10.2
  * kernel-default-base-6.4.0-150600.23.25.1.150600.12.10.2
  * kernel-kvmsmall-livepatch-devel-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-6.4.0-150600.23.25.2
  * gfs2-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * dlm-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-debugsource-6.4.0-150600.23.25.1
  * kernel-default-livepatch-devel-6.4.0-150600.23.25.1
  * gfs2-kmp-default-6.4.0-150600.23.25.1
  * kernel-obs-build-6.4.0-150600.23.25.2
  * kernel-default-devel-6.4.0-150600.23.25.1
  * dlm-kmp-default-6.4.0-150600.23.25.1
  * kernel-default-optional-6.4.0-150600.23.25.1
  * cluster-md-kmp-default-6.4.0-150600.23.25.1
  * kernel-default-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-optional-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-extra-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-devel-debuginfo-6.4.0-150600.23.25.1
  * kselftests-kmp-default-6.4.0-150600.23.25.1
  * reiserfs-kmp-default-6.4.0-150600.23.25.1
  * kernel-syms-6.4.0-150600.23.25.1
  * kselftests-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * ocfs2-kmp-default-6.4.0-150600.23.25.1
  * kernel-default-extra-6.4.0-150600.23.25.1
  * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * kernel-obs-qa-6.4.0-150600.23.25.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-livepatch-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_5-debugsource-1-150600.13.3.1
  * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-1-150600.13.3.1
  * kernel-livepatch-6_4_0-150600_23_25-default-1-150600.13.3.1
* openSUSE Leap 15.6 (nosrc s390x)
  * kernel-zfcpdump-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (s390x)
  * kernel-zfcpdump-debugsource-6.4.0-150600.23.25.1
  * kernel-zfcpdump-debuginfo-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (nosrc)
  * dtb-aarch64-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (aarch64)
  * gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.25.1
  * dtb-cavium-6.4.0-150600.23.25.1
  * kernel-64kb-optional-debuginfo-6.4.0-150600.23.25.1
  * dtb-broadcom-6.4.0-150600.23.25.1
  * dtb-renesas-6.4.0-150600.23.25.1
  * dlm-kmp-64kb-6.4.0-150600.23.25.1
  * dtb-nvidia-6.4.0-150600.23.25.1
  * dlm-kmp-64kb-debuginfo-6.4.0-150600.23.25.1
  * kernel-64kb-livepatch-devel-6.4.0-150600.23.25.1
  * dtb-allwinner-6.4.0-150600.23.25.1
  * kernel-64kb-extra-6.4.0-150600.23.25.1
  * reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.25.1
  * dtb-altera-6.4.0-150600.23.25.1
  * ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.25.1
  * reiserfs-kmp-64kb-6.4.0-150600.23.25.1
  * kernel-64kb-devel-debuginfo-6.4.0-150600.23.25.1
  * kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.25.1
  * dtb-apple-6.4.0-150600.23.25.1
  * dtb-mediatek-6.4.0-150600.23.25.1
  * dtb-socionext-6.4.0-150600.23.25.1
  * dtb-hisilicon-6.4.0-150600.23.25.1
  * kernel-64kb-extra-debuginfo-6.4.0-150600.23.25.1
  * cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.25.1
  * dtb-qcom-6.4.0-150600.23.25.1
  * kselftests-kmp-64kb-6.4.0-150600.23.25.1
  * kernel-64kb-debuginfo-6.4.0-150600.23.25.1
  * dtb-amazon-6.4.0-150600.23.25.1
  * dtb-lg-6.4.0-150600.23.25.1
  * dtb-rockchip-6.4.0-150600.23.25.1
  * dtb-freescale-6.4.0-150600.23.25.1
  * ocfs2-kmp-64kb-6.4.0-150600.23.25.1
  * dtb-apm-6.4.0-150600.23.25.1
  * dtb-xilinx-6.4.0-150600.23.25.1
  * kernel-64kb-optional-6.4.0-150600.23.25.1
  * kernel-64kb-debugsource-6.4.0-150600.23.25.1
  * cluster-md-kmp-64kb-6.4.0-150600.23.25.1
  * dtb-sprd-6.4.0-150600.23.25.1
  * dtb-amlogic-6.4.0-150600.23.25.1
  * gfs2-kmp-64kb-6.4.0-150600.23.25.1
  * dtb-amd-6.4.0-150600.23.25.1
  * dtb-exynos-6.4.0-150600.23.25.1
  * kernel-64kb-devel-6.4.0-150600.23.25.1
  * dtb-arm-6.4.0-150600.23.25.1
  * dtb-marvell-6.4.0-150600.23.25.1
* openSUSE Leap 15.6 (aarch64 nosrc)
  * kernel-64kb-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (aarch64 nosrc)
  * kernel-64kb-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (aarch64)
  * kernel-64kb-debugsource-6.4.0-150600.23.25.1
  * kernel-64kb-debuginfo-6.4.0-150600.23.25.1
  * kernel-64kb-devel-6.4.0-150600.23.25.1
  * kernel-64kb-devel-debuginfo-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-150600.23.25.1.150600.12.10.2
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-devel-debuginfo-6.4.0-150600.23.25.1
  * kernel-default-devel-6.4.0-150600.23.25.1
  * kernel-default-debugsource-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (noarch)
  * kernel-devel-6.4.0-150600.23.25.1
  * kernel-macros-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (nosrc s390x)
  * kernel-zfcpdump-6.4.0-150600.23.25.1
* Basesystem Module 15-SP6 (s390x)
  * kernel-zfcpdump-debugsource-6.4.0-150600.23.25.1
  * kernel-zfcpdump-debuginfo-6.4.0-150600.23.25.1
* Development Tools Module 15-SP6 (noarch nosrc)
  * kernel-docs-6.4.0-150600.23.25.2
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-6.4.0-150600.23.25.2
  * kernel-obs-build-debugsource-6.4.0-150600.23.25.2
  * kernel-syms-6.4.0-150600.23.25.1
* Development Tools Module 15-SP6 (noarch)
  * kernel-source-6.4.0-150600.23.25.1
* Legacy Module 15-SP6 (nosrc)
  * kernel-default-6.4.0-150600.23.25.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.4.0-150600.23.25.1
  * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.25.1
  * reiserfs-kmp-default-6.4.0-150600.23.25.1 * 
kernel-default-debugsource-6.4.0-150600.23.25.1 * SUSE Linux Enterprise Live Patching 15-SP6 (nosrc) * kernel-default-6.4.0-150600.23.25.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_5-debugsource-1-150600.13.3.1 * kernel-livepatch-6_4_0-150600_23_25-default-1-150600.13.3.1 * kernel-default-debuginfo-6.4.0-150600.23.25.1 * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-1-150600.13.3.1 * kernel-default-debugsource-6.4.0-150600.23.25.1 * kernel-default-livepatch-devel-6.4.0-150600.23.25.1 * kernel-default-livepatch-6.4.0-150600.23.25.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-6.4.0-150600.23.25.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.25.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.25.1 * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.25.1 * cluster-md-kmp-default-6.4.0-150600.23.25.1 * kernel-default-debuginfo-6.4.0-150600.23.25.1 * kernel-default-debugsource-6.4.0-150600.23.25.1 * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.25.1 * gfs2-kmp-default-6.4.0-150600.23.25.1 * ocfs2-kmp-default-6.4.0-150600.23.25.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc) * kernel-default-6.4.0-150600.23.25.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (nosrc) * kernel-default-6.4.0-150600.23.25.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * kernel-default-debuginfo-6.4.0-150600.23.25.1 * kernel-default-extra-6.4.0-150600.23.25.1 * kernel-default-debugsource-6.4.0-150600.23.25.1 * kernel-default-extra-debuginfo-6.4.0-150600.23.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52610.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52915.html * https://www.suse.com/security/cve/CVE-2023-52916.html * https://www.suse.com/security/cve/CVE-2024-26640.html * https://www.suse.com/security/cve/CVE-2024-26759.html * 
https://www.suse.com/security/cve/CVE-2024-26804.html * https://www.suse.com/security/cve/CVE-2024-36953.html * https://www.suse.com/security/cve/CVE-2024-38538.html * https://www.suse.com/security/cve/CVE-2024-38596.html * https://www.suse.com/security/cve/CVE-2024-38632.html * https://www.suse.com/security/cve/CVE-2024-40965.html * https://www.suse.com/security/cve/CVE-2024-40973.html * https://www.suse.com/security/cve/CVE-2024-40983.html * https://www.suse.com/security/cve/CVE-2024-42154.html * https://www.suse.com/security/cve/CVE-2024-42243.html * https://www.suse.com/security/cve/CVE-2024-42252.html * https://www.suse.com/security/cve/CVE-2024-42265.html * https://www.suse.com/security/cve/CVE-2024-42294.html * https://www.suse.com/security/cve/CVE-2024-42304.html * https://www.suse.com/security/cve/CVE-2024-42305.html * https://www.suse.com/security/cve/CVE-2024-42306.html * https://www.suse.com/security/cve/CVE-2024-43828.html * https://www.suse.com/security/cve/CVE-2024-43832.html * https://www.suse.com/security/cve/CVE-2024-43835.html * https://www.suse.com/security/cve/CVE-2024-43845.html * https://www.suse.com/security/cve/CVE-2024-43870.html * https://www.suse.com/security/cve/CVE-2024-43890.html * https://www.suse.com/security/cve/CVE-2024-43898.html * https://www.suse.com/security/cve/CVE-2024-43904.html * https://www.suse.com/security/cve/CVE-2024-43914.html * https://www.suse.com/security/cve/CVE-2024-44935.html * https://www.suse.com/security/cve/CVE-2024-44944.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-44947.html * https://www.suse.com/security/cve/CVE-2024-44948.html * https://www.suse.com/security/cve/CVE-2024-44950.html * https://www.suse.com/security/cve/CVE-2024-44951.html * https://www.suse.com/security/cve/CVE-2024-44952.html * https://www.suse.com/security/cve/CVE-2024-44954.html * https://www.suse.com/security/cve/CVE-2024-44960.html * 
https://www.suse.com/security/cve/CVE-2024-44961.html * https://www.suse.com/security/cve/CVE-2024-44962.html * https://www.suse.com/security/cve/CVE-2024-44965.html * https://www.suse.com/security/cve/CVE-2024-44967.html * https://www.suse.com/security/cve/CVE-2024-44969.html * https://www.suse.com/security/cve/CVE-2024-44970.html * https://www.suse.com/security/cve/CVE-2024-44971.html * https://www.suse.com/security/cve/CVE-2024-44977.html * https://www.suse.com/security/cve/CVE-2024-44982.html * https://www.suse.com/security/cve/CVE-2024-44984.html * https://www.suse.com/security/cve/CVE-2024-44985.html * https://www.suse.com/security/cve/CVE-2024-44986.html * https://www.suse.com/security/cve/CVE-2024-44987.html * https://www.suse.com/security/cve/CVE-2024-44988.html * https://www.suse.com/security/cve/CVE-2024-44989.html * https://www.suse.com/security/cve/CVE-2024-44990.html * https://www.suse.com/security/cve/CVE-2024-44991.html * https://www.suse.com/security/cve/CVE-2024-44997.html * https://www.suse.com/security/cve/CVE-2024-44998.html * https://www.suse.com/security/cve/CVE-2024-44999.html * https://www.suse.com/security/cve/CVE-2024-45000.html * https://www.suse.com/security/cve/CVE-2024-45001.html * https://www.suse.com/security/cve/CVE-2024-45002.html * https://www.suse.com/security/cve/CVE-2024-45003.html * https://www.suse.com/security/cve/CVE-2024-45005.html * https://www.suse.com/security/cve/CVE-2024-45006.html * https://www.suse.com/security/cve/CVE-2024-45007.html * https://www.suse.com/security/cve/CVE-2024-45008.html * https://www.suse.com/security/cve/CVE-2024-45011.html * https://www.suse.com/security/cve/CVE-2024-45012.html * https://www.suse.com/security/cve/CVE-2024-45013.html * https://www.suse.com/security/cve/CVE-2024-45015.html * https://www.suse.com/security/cve/CVE-2024-45017.html * https://www.suse.com/security/cve/CVE-2024-45018.html * https://www.suse.com/security/cve/CVE-2024-45019.html * 
https://www.suse.com/security/cve/CVE-2024-45020.html * https://www.suse.com/security/cve/CVE-2024-45021.html * https://www.suse.com/security/cve/CVE-2024-45022.html * https://www.suse.com/security/cve/CVE-2024-45023.html * https://www.suse.com/security/cve/CVE-2024-45026.html * https://www.suse.com/security/cve/CVE-2024-45028.html * https://www.suse.com/security/cve/CVE-2024-45029.html * https://www.suse.com/security/cve/CVE-2024-45030.html * https://www.suse.com/security/cve/CVE-2024-46672.html * https://www.suse.com/security/cve/CVE-2024-46673.html * https://www.suse.com/security/cve/CVE-2024-46674.html * https://www.suse.com/security/cve/CVE-2024-46675.html * https://www.suse.com/security/cve/CVE-2024-46676.html * https://www.suse.com/security/cve/CVE-2024-46677.html * https://www.suse.com/security/cve/CVE-2024-46679.html * https://www.suse.com/security/cve/CVE-2024-46685.html * https://www.suse.com/security/cve/CVE-2024-46686.html * https://www.suse.com/security/cve/CVE-2024-46687.html * https://www.suse.com/security/cve/CVE-2024-46689.html * https://www.suse.com/security/cve/CVE-2024-46691.html * https://www.suse.com/security/cve/CVE-2024-46692.html * https://www.suse.com/security/cve/CVE-2024-46693.html * https://www.suse.com/security/cve/CVE-2024-46694.html * https://www.suse.com/security/cve/CVE-2024-46695.html * https://www.suse.com/security/cve/CVE-2024-46702.html * https://www.suse.com/security/cve/CVE-2024-46706.html * https://www.suse.com/security/cve/CVE-2024-46707.html * https://www.suse.com/security/cve/CVE-2024-46709.html * https://www.suse.com/security/cve/CVE-2024-46710.html * https://www.suse.com/security/cve/CVE-2024-46714.html * https://www.suse.com/security/cve/CVE-2024-46715.html * https://www.suse.com/security/cve/CVE-2024-46716.html * https://www.suse.com/security/cve/CVE-2024-46717.html * https://www.suse.com/security/cve/CVE-2024-46719.html * https://www.suse.com/security/cve/CVE-2024-46720.html * 
https://www.suse.com/security/cve/CVE-2024-46722.html * https://www.suse.com/security/cve/CVE-2024-46723.html * https://www.suse.com/security/cve/CVE-2024-46724.html * https://www.suse.com/security/cve/CVE-2024-46725.html * https://www.suse.com/security/cve/CVE-2024-46726.html * https://www.suse.com/security/cve/CVE-2024-46728.html * https://www.suse.com/security/cve/CVE-2024-46729.html * https://www.suse.com/security/cve/CVE-2024-46730.html * https://www.suse.com/security/cve/CVE-2024-46731.html * https://www.suse.com/security/cve/CVE-2024-46732.html * https://www.suse.com/security/cve/CVE-2024-46734.html * https://www.suse.com/security/cve/CVE-2024-46735.html * https://www.suse.com/security/cve/CVE-2024-46737.html * https://www.suse.com/security/cve/CVE-2024-46738.html * https://www.suse.com/security/cve/CVE-2024-46739.html * https://www.suse.com/security/cve/CVE-2024-46741.html * https://www.suse.com/security/cve/CVE-2024-46743.html * https://www.suse.com/security/cve/CVE-2024-46744.html * https://www.suse.com/security/cve/CVE-2024-46745.html * https://www.suse.com/security/cve/CVE-2024-46746.html * https://www.suse.com/security/cve/CVE-2024-46747.html * https://www.suse.com/security/cve/CVE-2024-46749.html * https://www.suse.com/security/cve/CVE-2024-46750.html * https://www.suse.com/security/cve/CVE-2024-46751.html * https://www.suse.com/security/cve/CVE-2024-46752.html * https://www.suse.com/security/cve/CVE-2024-46753.html * https://www.suse.com/security/cve/CVE-2024-46755.html * https://www.suse.com/security/cve/CVE-2024-46756.html * https://www.suse.com/security/cve/CVE-2024-46757.html * https://www.suse.com/security/cve/CVE-2024-46758.html * https://www.suse.com/security/cve/CVE-2024-46759.html * https://www.suse.com/security/cve/CVE-2024-46760.html * https://www.suse.com/security/cve/CVE-2024-46761.html * https://www.suse.com/security/cve/CVE-2024-46767.html * https://www.suse.com/security/cve/CVE-2024-46771.html * 
https://www.suse.com/security/cve/CVE-2024-46772.html * https://www.suse.com/security/cve/CVE-2024-46773.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://www.suse.com/security/cve/CVE-2024-46776.html * https://www.suse.com/security/cve/CVE-2024-46778.html * https://www.suse.com/security/cve/CVE-2024-46780.html * https://www.suse.com/security/cve/CVE-2024-46781.html * https://www.suse.com/security/cve/CVE-2024-46783.html * https://www.suse.com/security/cve/CVE-2024-46784.html * https://www.suse.com/security/cve/CVE-2024-46786.html * https://www.suse.com/security/cve/CVE-2024-46787.html * https://www.suse.com/security/cve/CVE-2024-46791.html * https://www.suse.com/security/cve/CVE-2024-46794.html * https://www.suse.com/security/cve/CVE-2024-46797.html * https://www.suse.com/security/cve/CVE-2024-46798.html * https://www.suse.com/security/cve/CVE-2024-46822.html * https://bugzilla.suse.com/show_bug.cgi?id=1012628 * https://bugzilla.suse.com/show_bug.cgi?id=1183045 * https://bugzilla.suse.com/show_bug.cgi?id=1215199 * https://bugzilla.suse.com/show_bug.cgi?id=1216223 * https://bugzilla.suse.com/show_bug.cgi?id=1216776 * https://bugzilla.suse.com/show_bug.cgi?id=1220382 * https://bugzilla.suse.com/show_bug.cgi?id=1221527 * https://bugzilla.suse.com/show_bug.cgi?id=1221610 * https://bugzilla.suse.com/show_bug.cgi?id=1221650 * https://bugzilla.suse.com/show_bug.cgi?id=1222629 * https://bugzilla.suse.com/show_bug.cgi?id=1223600 * https://bugzilla.suse.com/show_bug.cgi?id=1223848 * https://bugzilla.suse.com/show_bug.cgi?id=1225487 * https://bugzilla.suse.com/show_bug.cgi?id=1225812 * https://bugzilla.suse.com/show_bug.cgi?id=1225903 * https://bugzilla.suse.com/show_bug.cgi?id=1226003 * https://bugzilla.suse.com/show_bug.cgi?id=1226507 * https://bugzilla.suse.com/show_bug.cgi?id=1226606 * https://bugzilla.suse.com/show_bug.cgi?id=1226666 * https://bugzilla.suse.com/show_bug.cgi?id=1226846 * https://bugzilla.suse.com/show_bug.cgi?id=1226860 * 
https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1227694 * https://bugzilla.suse.com/show_bug.cgi?id=1227726 * https://bugzilla.suse.com/show_bug.cgi?id=1227819 * https://bugzilla.suse.com/show_bug.cgi?id=1227885 * https://bugzilla.suse.com/show_bug.cgi?id=1227890 * https://bugzilla.suse.com/show_bug.cgi?id=1227962 * https://bugzilla.suse.com/show_bug.cgi?id=1228090 * https://bugzilla.suse.com/show_bug.cgi?id=1228140 * https://bugzilla.suse.com/show_bug.cgi?id=1228244 * https://bugzilla.suse.com/show_bug.cgi?id=1228507 * https://bugzilla.suse.com/show_bug.cgi?id=1228771 * https://bugzilla.suse.com/show_bug.cgi?id=1229001 * https://bugzilla.suse.com/show_bug.cgi?id=1229004 * https://bugzilla.suse.com/show_bug.cgi?id=1229019 * https://bugzilla.suse.com/show_bug.cgi?id=1229086 * https://bugzilla.suse.com/show_bug.cgi?id=1229167 * https://bugzilla.suse.com/show_bug.cgi?id=1229169 * https://bugzilla.suse.com/show_bug.cgi?id=1229289 * https://bugzilla.suse.com/show_bug.cgi?id=1229334 * https://bugzilla.suse.com/show_bug.cgi?id=1229362 * https://bugzilla.suse.com/show_bug.cgi?id=1229363 * https://bugzilla.suse.com/show_bug.cgi?id=1229364 * https://bugzilla.suse.com/show_bug.cgi?id=1229371 * https://bugzilla.suse.com/show_bug.cgi?id=1229380 * https://bugzilla.suse.com/show_bug.cgi?id=1229389 * https://bugzilla.suse.com/show_bug.cgi?id=1229394 * https://bugzilla.suse.com/show_bug.cgi?id=1229429 * https://bugzilla.suse.com/show_bug.cgi?id=1229443 * https://bugzilla.suse.com/show_bug.cgi?id=1229452 * https://bugzilla.suse.com/show_bug.cgi?id=1229455 * https://bugzilla.suse.com/show_bug.cgi?id=1229456 * https://bugzilla.suse.com/show_bug.cgi?id=1229494 * https://bugzilla.suse.com/show_bug.cgi?id=1229585 * https://bugzilla.suse.com/show_bug.cgi?id=1229753 * https://bugzilla.suse.com/show_bug.cgi?id=1229764 * https://bugzilla.suse.com/show_bug.cgi?id=1229768 * https://bugzilla.suse.com/show_bug.cgi?id=1229790 * 
https://bugzilla.suse.com/show_bug.cgi?id=1229810 * https://bugzilla.suse.com/show_bug.cgi?id=1229899 * https://bugzilla.suse.com/show_bug.cgi?id=1229928 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230119 * https://bugzilla.suse.com/show_bug.cgi?id=1230123 * https://bugzilla.suse.com/show_bug.cgi?id=1230124 * https://bugzilla.suse.com/show_bug.cgi?id=1230125 * https://bugzilla.suse.com/show_bug.cgi?id=1230169 * https://bugzilla.suse.com/show_bug.cgi?id=1230170 * https://bugzilla.suse.com/show_bug.cgi?id=1230171 * https://bugzilla.suse.com/show_bug.cgi?id=1230173 * https://bugzilla.suse.com/show_bug.cgi?id=1230174 * https://bugzilla.suse.com/show_bug.cgi?id=1230175 * https://bugzilla.suse.com/show_bug.cgi?id=1230176 * https://bugzilla.suse.com/show_bug.cgi?id=1230178 * https://bugzilla.suse.com/show_bug.cgi?id=1230180 * https://bugzilla.suse.com/show_bug.cgi?id=1230181 * https://bugzilla.suse.com/show_bug.cgi?id=1230185 * https://bugzilla.suse.com/show_bug.cgi?id=1230191 * https://bugzilla.suse.com/show_bug.cgi?id=1230192 * https://bugzilla.suse.com/show_bug.cgi?id=1230193 * https://bugzilla.suse.com/show_bug.cgi?id=1230194 * https://bugzilla.suse.com/show_bug.cgi?id=1230195 * https://bugzilla.suse.com/show_bug.cgi?id=1230200 * https://bugzilla.suse.com/show_bug.cgi?id=1230204 * https://bugzilla.suse.com/show_bug.cgi?id=1230206 * https://bugzilla.suse.com/show_bug.cgi?id=1230207 * https://bugzilla.suse.com/show_bug.cgi?id=1230209 * https://bugzilla.suse.com/show_bug.cgi?id=1230211 * https://bugzilla.suse.com/show_bug.cgi?id=1230213 * https://bugzilla.suse.com/show_bug.cgi?id=1230217 * https://bugzilla.suse.com/show_bug.cgi?id=1230221 * https://bugzilla.suse.com/show_bug.cgi?id=1230224 * https://bugzilla.suse.com/show_bug.cgi?id=1230230 * https://bugzilla.suse.com/show_bug.cgi?id=1230232 * https://bugzilla.suse.com/show_bug.cgi?id=1230233 * https://bugzilla.suse.com/show_bug.cgi?id=1230240 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230244 * https://bugzilla.suse.com/show_bug.cgi?id=1230245 * https://bugzilla.suse.com/show_bug.cgi?id=1230247 * https://bugzilla.suse.com/show_bug.cgi?id=1230248 * https://bugzilla.suse.com/show_bug.cgi?id=1230269 * https://bugzilla.suse.com/show_bug.cgi?id=1230270 * https://bugzilla.suse.com/show_bug.cgi?id=1230295 * https://bugzilla.suse.com/show_bug.cgi?id=1230340 * https://bugzilla.suse.com/show_bug.cgi?id=1230426 * https://bugzilla.suse.com/show_bug.cgi?id=1230430 * https://bugzilla.suse.com/show_bug.cgi?id=1230431 * https://bugzilla.suse.com/show_bug.cgi?id=1230432 * https://bugzilla.suse.com/show_bug.cgi?id=1230433 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230435 * https://bugzilla.suse.com/show_bug.cgi?id=1230440 * https://bugzilla.suse.com/show_bug.cgi?id=1230441 * https://bugzilla.suse.com/show_bug.cgi?id=1230442 * https://bugzilla.suse.com/show_bug.cgi?id=1230444 * https://bugzilla.suse.com/show_bug.cgi?id=1230450 * https://bugzilla.suse.com/show_bug.cgi?id=1230451 * https://bugzilla.suse.com/show_bug.cgi?id=1230454 * https://bugzilla.suse.com/show_bug.cgi?id=1230455 * https://bugzilla.suse.com/show_bug.cgi?id=1230457 * https://bugzilla.suse.com/show_bug.cgi?id=1230459 * https://bugzilla.suse.com/show_bug.cgi?id=1230506 * https://bugzilla.suse.com/show_bug.cgi?id=1230507 * https://bugzilla.suse.com/show_bug.cgi?id=1230511 * https://bugzilla.suse.com/show_bug.cgi?id=1230515 * https://bugzilla.suse.com/show_bug.cgi?id=1230517 * https://bugzilla.suse.com/show_bug.cgi?id=1230518 * https://bugzilla.suse.com/show_bug.cgi?id=1230519 * https://bugzilla.suse.com/show_bug.cgi?id=1230520 * https://bugzilla.suse.com/show_bug.cgi?id=1230521 * https://bugzilla.suse.com/show_bug.cgi?id=1230524 * https://bugzilla.suse.com/show_bug.cgi?id=1230526 * https://bugzilla.suse.com/show_bug.cgi?id=1230533 * https://bugzilla.suse.com/show_bug.cgi?id=1230535 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230539 * https://bugzilla.suse.com/show_bug.cgi?id=1230540 * https://bugzilla.suse.com/show_bug.cgi?id=1230549 * https://bugzilla.suse.com/show_bug.cgi?id=1230556 * https://bugzilla.suse.com/show_bug.cgi?id=1230562 * https://bugzilla.suse.com/show_bug.cgi?id=1230563 * https://bugzilla.suse.com/show_bug.cgi?id=1230564 * https://bugzilla.suse.com/show_bug.cgi?id=1230580 * https://bugzilla.suse.com/show_bug.cgi?id=1230582 * https://bugzilla.suse.com/show_bug.cgi?id=1230589 * https://bugzilla.suse.com/show_bug.cgi?id=1230602 * https://bugzilla.suse.com/show_bug.cgi?id=1230699 * https://bugzilla.suse.com/show_bug.cgi?id=1230700 * https://bugzilla.suse.com/show_bug.cgi?id=1230701 * https://bugzilla.suse.com/show_bug.cgi?id=1230702 * https://bugzilla.suse.com/show_bug.cgi?id=1230703 * https://bugzilla.suse.com/show_bug.cgi?id=1230704 * https://bugzilla.suse.com/show_bug.cgi?id=1230705 * https://bugzilla.suse.com/show_bug.cgi?id=1230706 * https://bugzilla.suse.com/show_bug.cgi?id=1230709 * https://bugzilla.suse.com/show_bug.cgi?id=1230711 * https://bugzilla.suse.com/show_bug.cgi?id=1230712 * https://bugzilla.suse.com/show_bug.cgi?id=1230715 * https://bugzilla.suse.com/show_bug.cgi?id=1230719 * https://bugzilla.suse.com/show_bug.cgi?id=1230722 * https://bugzilla.suse.com/show_bug.cgi?id=1230724 * https://bugzilla.suse.com/show_bug.cgi?id=1230725 * https://bugzilla.suse.com/show_bug.cgi?id=1230726 * https://bugzilla.suse.com/show_bug.cgi?id=1230727 * https://bugzilla.suse.com/show_bug.cgi?id=1230730 * https://bugzilla.suse.com/show_bug.cgi?id=1230731 * https://bugzilla.suse.com/show_bug.cgi?id=1230732 * https://bugzilla.suse.com/show_bug.cgi?id=1230747 * https://bugzilla.suse.com/show_bug.cgi?id=1230748 * https://bugzilla.suse.com/show_bug.cgi?id=1230749 * https://bugzilla.suse.com/show_bug.cgi?id=1230751 * https://bugzilla.suse.com/show_bug.cgi?id=1230752 * https://bugzilla.suse.com/show_bug.cgi?id=1230753 * 
https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230766 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230768 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * https://bugzilla.suse.com/show_bug.cgi?id=1230772 * https://bugzilla.suse.com/show_bug.cgi?id=1230775 * https://bugzilla.suse.com/show_bug.cgi?id=1230776 * https://bugzilla.suse.com/show_bug.cgi?id=1230780 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230786 * https://bugzilla.suse.com/show_bug.cgi?id=1230787 * https://bugzilla.suse.com/show_bug.cgi?id=1230791 * https://bugzilla.suse.com/show_bug.cgi?id=1230794 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230802 * https://bugzilla.suse.com/show_bug.cgi?id=1230806 * https://bugzilla.suse.com/show_bug.cgi?id=1230808 * https://bugzilla.suse.com/show_bug.cgi?id=1230809 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230812 * https://bugzilla.suse.com/show_bug.cgi?id=1230813 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230821 * https://bugzilla.suse.com/show_bug.cgi?id=1230825 * https://bugzilla.suse.com/show_bug.cgi?id=1230830 * https://bugzilla.suse.com/show_bug.cgi?id=1230831 * https://bugzilla.suse.com/show_bug.cgi?id=1230854 * https://bugzilla.suse.com/show_bug.cgi?id=1230948 * https://bugzilla.suse.com/show_bug.cgi?id=1231008 * https://bugzilla.suse.com/show_bug.cgi?id=1231035 * https://bugzilla.suse.com/show_bug.cgi?id=1231120 * https://bugzilla.suse.com/show_bug.cgi?id=1231146 * https://bugzilla.suse.com/show_bug.cgi?id=1231182 * https://bugzilla.suse.com/show_bug.cgi?id=1231183 * https://jira.suse.com/browse/PED-10954 * 
https://jira.suse.com/browse/PED-9899

From null at suse.de Wed Oct 9 16:30:14 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 09 Oct 2024 16:30:14 -0000
Subject: SUSE-SU-2024:3570-1: critical: Security update for cups-filters
Message-ID: <172849141401.6959.13341438654411459064@smelt2.prg2.suse.org>

# Security update for cups-filters

Announcement ID: SUSE-SU-2024:3570-1
Release Date: 2024-10-09T13:28:58Z
Rating: critical

References:

* bsc#1230939
* bsc#1231294

Cross-References:

* CVE-2024-47176
* CVE-2024-47850

CVSS scores:

* CVE-2024-47176 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2024-47176 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47176 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-47850 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
* CVE-2024-47850 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-47850 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cups-filters fixes the following issues:

* CVE-2024-47176: cups-browsed binds on UDP port 631 and trusts packets that try to trigger a Get-Printer-Attributes IPP request. (bsc#1230939)
* CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)

The fix is disabling the CUPS protocol in cups-browsed.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3570=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3570=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3570=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3570=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libpoppler-cpp0-debuginfo-0.43.0-16.49.1
  * libpoppler-glib-devel-0.43.0-16.49.1
  * libpoppler-devel-0.43.0-16.49.1
  * libpoppler-qt4-devel-0.43.0-16.49.1
  * typelib-1_0-Poppler-0_18-0.43.0-16.49.1
  * libpoppler-cpp0-0.43.0-16.49.1
  * poppler-debugsource-0.43.0-16.49.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.26.1
  * poppler-tools-debuginfo-0.43.0-16.49.1
  * libpoppler60-debuginfo-0.43.0-16.49.1
  * poppler-debugsource-0.43.0-16.49.1
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.26.1
  * poppler-tools-0.43.0-16.49.1
  * libpoppler-glib8-debuginfo-0.43.0-16.49.1
  * cups-filters-cups-browsed-1.0.58-19.26.1
  * cups-filters-1.0.58-19.26.1
  * libpoppler-qt4-4-0.43.0-16.49.1
  * cups-filters-debugsource-1.0.58-19.26.1
  * cups-filters-foomatic-rip-1.0.58-19.26.1
  * cups-filters-ghostscript-1.0.58-19.26.1
  * cups-filters-debuginfo-1.0.58-19.26.1
  * libpoppler-glib8-0.43.0-16.49.1
  * libpoppler60-0.43.0-16.49.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.26.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libpoppler-qt4-4-debuginfo-0.43.0-16.49.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.26.1
  * poppler-tools-debuginfo-0.43.0-16.49.1
  * libpoppler60-debuginfo-0.43.0-16.49.1
  * poppler-debugsource-0.43.0-16.49.1
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.26.1
  * poppler-tools-0.43.0-16.49.1
  * libpoppler-glib8-debuginfo-0.43.0-16.49.1
  * cups-filters-cups-browsed-1.0.58-19.26.1
  * cups-filters-1.0.58-19.26.1
  * libpoppler-qt4-4-0.43.0-16.49.1
  * cups-filters-debugsource-1.0.58-19.26.1
  * cups-filters-foomatic-rip-1.0.58-19.26.1
  * cups-filters-ghostscript-1.0.58-19.26.1
  * cups-filters-debuginfo-1.0.58-19.26.1
  * libpoppler-glib8-0.43.0-16.49.1
  * libpoppler60-0.43.0-16.49.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.26.1
* SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64)
  * libpoppler-qt4-4-debuginfo-0.43.0-16.49.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.26.1
  * poppler-tools-debuginfo-0.43.0-16.49.1
  * libpoppler-qt4-4-debuginfo-0.43.0-16.49.1
  * libpoppler60-debuginfo-0.43.0-16.49.1
  * poppler-debugsource-0.43.0-16.49.1
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.26.1
  * poppler-tools-0.43.0-16.49.1
  * libpoppler-glib8-debuginfo-0.43.0-16.49.1
  * cups-filters-cups-browsed-1.0.58-19.26.1
  * cups-filters-1.0.58-19.26.1
  * libpoppler-qt4-4-0.43.0-16.49.1
  * cups-filters-debugsource-1.0.58-19.26.1
  * cups-filters-foomatic-rip-1.0.58-19.26.1
  * cups-filters-ghostscript-1.0.58-19.26.1
  * cups-filters-debuginfo-1.0.58-19.26.1
  * libpoppler-glib8-0.43.0-16.49.1
  * libpoppler60-0.43.0-16.49.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.26.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47176.html
* https://www.suse.com/security/cve/CVE-2024-47850.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230939
* https://bugzilla.suse.com/show_bug.cgi?id=1231294
URL: From null at suse.de Wed Oct 9 20:30:04 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 09 Oct 2024 20:30:04 -0000 Subject: SUSE-SU-2024:3575-1: important: Security update for redis Message-ID: <172850580467.14555.5819385327517632258@smelt2.prg2.suse.org> # Security update for redis Announcement ID: SUSE-SU-2024:3575-1 Release Date: 2024-10-09T16:55:37Z Rating: important References: * bsc#1231264 * bsc#1231265 Cross-References: * CVE-2024-31228 * CVE-2024-31449 CVSS scores: * CVE-2024-31228 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-31228 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-31449 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-31449 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265) * CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3575=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3575=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3575=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3575=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3575=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3575=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3575=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3575=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3575=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3575=1

## Package List:

* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* SUSE Manager Proxy 4.3 (x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * redis-debugsource-6.2.6-150400.3.28.1
  * redis-debuginfo-6.2.6-150400.3.28.1
  * redis-6.2.6-150400.3.28.1

## References:

* https://www.suse.com/security/cve/CVE-2024-31228.html
* https://www.suse.com/security/cve/CVE-2024-31449.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231264
* https://bugzilla.suse.com/show_bug.cgi?id=1231265

From null at suse.de Thu Oct 10 08:30:24 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 08:30:24 -0000
Subject: SUSE-SU-2024:3577-1: important: Security update for libreoffice
Message-ID: <172854902408.7152.17416228844086156746@smelt2.prg2.suse.org>

# Security update for libreoffice

Announcement ID: SUSE-SU-2024:3577-1
Release Date: 2024-10-10T04:37:02Z
Rating: important

References:

* bsc#1047218
* bsc#1225597
* bsc#1226975
* bsc#1229589
* jsc#PED-10362

Cross-References:

* CVE-2024-5261

CVSS scores:

* CVE-2024-5261 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.

## Description:

This update for libreoffice fixes the following issues:

libreoffice was updated to version 24.8.1.2 (jsc#PED-10362):

* Release notes:
  * https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and
  * https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and
  * https://wiki.documentfoundation.org/Releases/24.8.0/RC3
* Security issues fixed:
  * CVE-2024-526: Fixed TLS certificates are not properly verified when utilizing LibreOfficeKit (bsc#1226975)
* Other bugs fixed:
  * Use system curl instead of the bundled one on systems greater than or equal to SLE15 (bsc#1229589)
  * Use the new clucene function, which makes index files reproducible (bsc#1047218)
  * Support firebird database with new package `libreoffice-base-drivers-firebird` in Package Hub and openSUSE Leap (bsc#1225597)
* Update bundled dependencies:
  * Java-Websocket updated from 1.5.4 to 1.5.6
  * boost updated from 1.82.0 to 1.85.0
  * curl updated from 8.7.1 to 8.9.1
  * fontconfig updated from 2.14.2 to 2.15.0
  * freetype updated from 2.13.0 to 2.13.2
  * harfbuzz updated from 8.2.2 to 8.5.0
  * icu4c-data updated from 73.2 to 74.2
  * icu4c-src updated from 73.2 to 74.2
  * libassuan updated from 2.5.7 to 3.0.1
  * libcmis updated from 0.6.1 to 0.6.2
  * libgpg-error updated from 1.48 to 1.50
  * pdfium updated from 6179 to 6425
  * poppler updated from 23.09.0 to 24.08.0
  * tiff updated from 4.6.0 to 4.6.0t

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3577=1 openSUSE-SLE-15.5-2024-3577=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3577=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3577=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3577=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3577=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3577=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libreoffice-base-24.8.1.2-150500.20.11.2 * libreoffice-sdk-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-doc-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-officebean-24.8.1.2-150500.20.11.2 * libreoffice-impress-24.8.1.2-150500.20.11.2 * libreoffice-writer-extensions-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-24.8.1.2-150500.20.11.2 * libreoffice-filters-optional-24.8.1.2-150500.20.11.2 * libreoffice-qt5-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-gnome-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-librelogo-24.8.1.2-150500.20.11.2 * libreofficekit-24.8.1.2-150500.20.11.2 * libreofficekit-devel-24.8.1.2-150500.20.11.2 * libreoffice-gnome-24.8.1.2-150500.20.11.2 * libreoffice-officebean-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-24.8.1.2-150500.20.11.2 * libreoffice-math-24.8.1.2-150500.20.11.2 * libreoffice-calc-extensions-24.8.1.2-150500.20.11.2 * libreoffice-impress-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-writer-24.8.1.2-150500.20.11.2 * libreoffice-debuginfo-24.8.1.2-150500.20.11.2 * 
libreoffice-debugsource-24.8.1.2-150500.20.11.2 * libreoffice-calc-24.8.1.2-150500.20.11.2 * libreoffice-math-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-firebird-24.8.1.2-150500.20.11.2 * libreoffice-draw-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-24.8.1.2-150500.20.11.2 * libreoffice-mailmerge-24.8.1.2-150500.20.11.2 * libreoffice-qt5-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-firebird-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-calc-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-24.8.1.2-150500.20.11.2 * libreoffice-24.8.1.2-150500.20.11.2 * libreoffice-writer-debuginfo-24.8.1.2-150500.20.11.2 * openSUSE Leap 15.5 (noarch) * libreoffice-l10n-ru-24.8.1.2-150500.20.11.2 * libreoffice-l10n-et-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sw_TZ-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-th-24.8.1.2-150500.20.11.2 * libreoffice-l10n-te-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sq-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-om-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-xh-24.8.1.2-150500.20.11.2 * libreoffice-l10n-am-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ve-24.8.1.2-150500.20.11.2 * libreoffice-l10n-de-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ss-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_BR-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dgo-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-nl-24.8.1.2-150500.20.11.2 * libreoffice-icon-themes-24.8.1.2-150500.20.11.2 * libreoffice-l10n-el-24.8.1.2-150500.20.11.2 * libreoffice-l10n-es-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ar-24.8.1.2-150500.20.11.2 * libreoffice-l10n-szl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-or-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ro-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vec-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lb-24.8.1.2-150500.20.11.2 * libreoffice-kdeintegration-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ne-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sat-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ka-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_PT-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ja-24.8.1.2-150500.20.11.2 * libreoffice-l10n-brx-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mni-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ast-24.8.1.2-150500.20.11.2 * libreoffice-branding-upstream-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_GB-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_CN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-id-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-is-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ml-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ckb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cy-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-da-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sv-24.8.1.2-150500.20.11.2 * libreoffice-glade-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-be-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gd-24.8.1.2-150500.20.11.2 * libreoffice-l10n-br-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_ZA-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fur-24.8.1.2-150500.20.11.2 * libreoffice-l10n-as-24.8.1.2-150500.20.11.2 * libreoffice-l10n-si-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kok-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-km-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kmr_Latn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ga-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sa_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-oc-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kab-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_TW-24.8.1.2-150500.20.11.2 * libreoffice-l10n-st-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca_valencia-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mai-24.8.1.2-150500.20.11.2 * libreoffice-gdb-pretty-printers-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ks-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sid-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ta-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-my-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-rw-24.8.1.2-150500.20.11.2 * libreoffice-l10n-af-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lt-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-dz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ts-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ko-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-it-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nso-24.8.1.2-150500.20.11.2 * libreoffice-l10n-he-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sd-24.8.1.2-150500.20.11.2 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libreoffice-base-24.8.1.2-150500.20.11.2 * libreoffice-sdk-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-doc-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-officebean-24.8.1.2-150500.20.11.2 * libreoffice-impress-24.8.1.2-150500.20.11.2 * libreoffice-writer-extensions-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-24.8.1.2-150500.20.11.2 * libreoffice-filters-optional-24.8.1.2-150500.20.11.2 * libreoffice-qt5-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-gnome-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-librelogo-24.8.1.2-150500.20.11.2 * libreofficekit-24.8.1.2-150500.20.11.2 * libreofficekit-devel-24.8.1.2-150500.20.11.2 * libreoffice-gnome-24.8.1.2-150500.20.11.2 * libreoffice-officebean-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-24.8.1.2-150500.20.11.2 * libreoffice-math-24.8.1.2-150500.20.11.2 * libreoffice-calc-extensions-24.8.1.2-150500.20.11.2 * libreoffice-impress-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-writer-24.8.1.2-150500.20.11.2 * libreoffice-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-debugsource-24.8.1.2-150500.20.11.2 * 
libreoffice-calc-24.8.1.2-150500.20.11.2 * libreoffice-math-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-firebird-24.8.1.2-150500.20.11.2 * libreoffice-draw-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-24.8.1.2-150500.20.11.2 * libreoffice-mailmerge-24.8.1.2-150500.20.11.2 * libreoffice-qt5-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-firebird-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-calc-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-24.8.1.2-150500.20.11.2 * libreoffice-24.8.1.2-150500.20.11.2 * libreoffice-writer-debuginfo-24.8.1.2-150500.20.11.2 * openSUSE Leap 15.6 (noarch) * libreoffice-l10n-ru-24.8.1.2-150500.20.11.2 * libreoffice-l10n-et-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sw_TZ-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-th-24.8.1.2-150500.20.11.2 * libreoffice-l10n-te-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sq-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-om-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-xh-24.8.1.2-150500.20.11.2 * libreoffice-l10n-am-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ve-24.8.1.2-150500.20.11.2 * libreoffice-l10n-de-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ss-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_BR-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dgo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nl-24.8.1.2-150500.20.11.2 * 
libreoffice-icon-themes-24.8.1.2-150500.20.11.2 * libreoffice-l10n-el-24.8.1.2-150500.20.11.2 * libreoffice-l10n-es-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ar-24.8.1.2-150500.20.11.2 * libreoffice-l10n-szl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-or-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ro-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vec-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ne-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sat-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ka-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_PT-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ja-24.8.1.2-150500.20.11.2 * libreoffice-l10n-brx-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mni-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ast-24.8.1.2-150500.20.11.2 * libreoffice-branding-upstream-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_GB-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_CN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-id-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-is-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ml-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ckb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-da-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sv-24.8.1.2-150500.20.11.2 * 
libreoffice-glade-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-be-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gd-24.8.1.2-150500.20.11.2 * libreoffice-l10n-br-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_ZA-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fur-24.8.1.2-150500.20.11.2 * libreoffice-l10n-as-24.8.1.2-150500.20.11.2 * libreoffice-l10n-si-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kok-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-km-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kmr_Latn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ga-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sa_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-oc-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kab-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_TW-24.8.1.2-150500.20.11.2 * libreoffice-l10n-st-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca_valencia-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mai-24.8.1.2-150500.20.11.2 * libreoffice-gdb-pretty-printers-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ks-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sid-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ta-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-my-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-rw-24.8.1.2-150500.20.11.2 * libreoffice-l10n-af-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ts-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-cs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ko-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-it-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nso-24.8.1.2-150500.20.11.2 * libreoffice-l10n-he-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sd-24.8.1.2-150500.20.11.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le) * libreoffice-base-24.8.1.2-150500.20.11.2 * libreoffice-sdk-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-doc-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-officebean-24.8.1.2-150500.20.11.2 * libreoffice-impress-24.8.1.2-150500.20.11.2 * libreoffice-writer-extensions-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-24.8.1.2-150500.20.11.2 * libreoffice-filters-optional-24.8.1.2-150500.20.11.2 * libreoffice-qt5-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-gnome-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-librelogo-24.8.1.2-150500.20.11.2 * libreofficekit-24.8.1.2-150500.20.11.2 * libreofficekit-devel-24.8.1.2-150500.20.11.2 * libreoffice-gnome-24.8.1.2-150500.20.11.2 * libreoffice-officebean-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-24.8.1.2-150500.20.11.2 * libreoffice-math-24.8.1.2-150500.20.11.2 * libreoffice-calc-extensions-24.8.1.2-150500.20.11.2 * libreoffice-impress-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-writer-24.8.1.2-150500.20.11.2 * libreoffice-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-debugsource-24.8.1.2-150500.20.11.2 * libreoffice-calc-24.8.1.2-150500.20.11.2 * libreoffice-math-debuginfo-24.8.1.2-150500.20.11.2 * 
libreoffice-base-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-24.8.1.2-150500.20.11.2 * libreoffice-mailmerge-24.8.1.2-150500.20.11.2 * libreoffice-qt5-24.8.1.2-150500.20.11.2 * libreoffice-calc-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-24.8.1.2-150500.20.11.2 * libreoffice-24.8.1.2-150500.20.11.2 * libreoffice-writer-debuginfo-24.8.1.2-150500.20.11.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le x86_64) * libreoffice-base-drivers-firebird-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-firebird-debuginfo-24.8.1.2-150500.20.11.2 * SUSE Package Hub 15 15-SP5 (noarch) * libreoffice-l10n-ru-24.8.1.2-150500.20.11.2 * libreoffice-l10n-et-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sw_TZ-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-th-24.8.1.2-150500.20.11.2 * libreoffice-l10n-te-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sq-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-om-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-xh-24.8.1.2-150500.20.11.2 * libreoffice-l10n-am-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ve-24.8.1.2-150500.20.11.2 * libreoffice-l10n-de-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ss-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_BR-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dgo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nl-24.8.1.2-150500.20.11.2 * libreoffice-icon-themes-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-el-24.8.1.2-150500.20.11.2 * libreoffice-l10n-es-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ar-24.8.1.2-150500.20.11.2 * libreoffice-l10n-szl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-or-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ro-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vec-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ne-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sat-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ka-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_PT-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ja-24.8.1.2-150500.20.11.2 * libreoffice-l10n-brx-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mni-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ast-24.8.1.2-150500.20.11.2 * libreoffice-branding-upstream-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_GB-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_CN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-id-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-is-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ml-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ckb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-da-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sv-24.8.1.2-150500.20.11.2 * libreoffice-glade-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-gl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-be-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gd-24.8.1.2-150500.20.11.2 * libreoffice-l10n-br-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_ZA-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fur-24.8.1.2-150500.20.11.2 * libreoffice-l10n-as-24.8.1.2-150500.20.11.2 * libreoffice-l10n-si-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kok-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-km-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kmr_Latn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ga-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sa_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-oc-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kab-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_TW-24.8.1.2-150500.20.11.2 * libreoffice-l10n-st-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca_valencia-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mai-24.8.1.2-150500.20.11.2 * libreoffice-gdb-pretty-printers-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ks-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sid-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ta-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-my-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-rw-24.8.1.2-150500.20.11.2 * libreoffice-l10n-af-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ts-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ko-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-tn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-it-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nso-24.8.1.2-150500.20.11.2 * libreoffice-l10n-he-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sd-24.8.1.2-150500.20.11.2 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le) * libreoffice-base-24.8.1.2-150500.20.11.2 * libreoffice-sdk-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-sdk-doc-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-officebean-24.8.1.2-150500.20.11.2 * libreoffice-impress-24.8.1.2-150500.20.11.2 * libreoffice-writer-extensions-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-24.8.1.2-150500.20.11.2 * libreoffice-filters-optional-24.8.1.2-150500.20.11.2 * libreoffice-qt5-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-gnome-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-librelogo-24.8.1.2-150500.20.11.2 * libreofficekit-24.8.1.2-150500.20.11.2 * libreofficekit-devel-24.8.1.2-150500.20.11.2 * libreoffice-gnome-24.8.1.2-150500.20.11.2 * libreoffice-officebean-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-24.8.1.2-150500.20.11.2 * libreoffice-math-24.8.1.2-150500.20.11.2 * libreoffice-calc-extensions-24.8.1.2-150500.20.11.2 * libreoffice-impress-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-writer-24.8.1.2-150500.20.11.2 * libreoffice-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-debugsource-24.8.1.2-150500.20.11.2 * libreoffice-calc-24.8.1.2-150500.20.11.2 * libreoffice-math-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-debuginfo-24.8.1.2-150500.20.11.2 * 
libreoffice-sdk-24.8.1.2-150500.20.11.2 * libreoffice-mailmerge-24.8.1.2-150500.20.11.2 * libreoffice-qt5-24.8.1.2-150500.20.11.2 * libreoffice-calc-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-24.8.1.2-150500.20.11.2 * libreoffice-24.8.1.2-150500.20.11.2 * libreoffice-writer-debuginfo-24.8.1.2-150500.20.11.2 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le x86_64) * libreoffice-base-drivers-firebird-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-firebird-debuginfo-24.8.1.2-150500.20.11.2 * SUSE Package Hub 15 15-SP6 (noarch) * libreoffice-l10n-ru-24.8.1.2-150500.20.11.2 * libreoffice-l10n-et-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sw_TZ-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-th-24.8.1.2-150500.20.11.2 * libreoffice-l10n-te-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sq-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-om-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-xh-24.8.1.2-150500.20.11.2 * libreoffice-l10n-am-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ve-24.8.1.2-150500.20.11.2 * libreoffice-l10n-de-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ss-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_BR-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dgo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nl-24.8.1.2-150500.20.11.2 * libreoffice-icon-themes-24.8.1.2-150500.20.11.2 * libreoffice-l10n-el-24.8.1.2-150500.20.11.2 * libreoffice-l10n-es-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-ca-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ar-24.8.1.2-150500.20.11.2 * libreoffice-l10n-szl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-or-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ro-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vec-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ne-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sat-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ka-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_PT-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ja-24.8.1.2-150500.20.11.2 * libreoffice-l10n-brx-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mni-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ast-24.8.1.2-150500.20.11.2 * libreoffice-branding-upstream-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_GB-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_CN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-id-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-is-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ml-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ckb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-da-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sv-24.8.1.2-150500.20.11.2 * libreoffice-glade-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-be-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-gd-24.8.1.2-150500.20.11.2 * libreoffice-l10n-br-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hsb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en_ZA-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fur-24.8.1.2-150500.20.11.2 * libreoffice-l10n-as-24.8.1.2-150500.20.11.2 * libreoffice-l10n-si-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kok-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-km-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kmr_Latn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ga-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sa_IN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-oc-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kab-24.8.1.2-150500.20.11.2 * libreoffice-l10n-vi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_TW-24.8.1.2-150500.20.11.2 * libreoffice-l10n-st-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gug-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca_valencia-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mai-24.8.1.2-150500.20.11.2 * libreoffice-gdb-pretty-printers-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ks-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sid-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ta-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-my-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-rw-24.8.1.2-150500.20.11.2 * libreoffice-l10n-af-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ts-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ko-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mn-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-it-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nso-24.8.1.2-150500.20.11.2 * libreoffice-l10n-he-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sd-24.8.1.2-150500.20.11.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libreoffice-base-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-officebean-24.8.1.2-150500.20.11.2 * libreoffice-impress-24.8.1.2-150500.20.11.2 * libreoffice-writer-extensions-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-24.8.1.2-150500.20.11.2 * libreoffice-filters-optional-24.8.1.2-150500.20.11.2 * libreofficekit-24.8.1.2-150500.20.11.2 * libreoffice-gnome-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-gnome-24.8.1.2-150500.20.11.2 * libreoffice-officebean-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-24.8.1.2-150500.20.11.2 * libreoffice-math-24.8.1.2-150500.20.11.2 * libreoffice-calc-extensions-24.8.1.2-150500.20.11.2 * libreoffice-impress-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-writer-24.8.1.2-150500.20.11.2 * libreoffice-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-debugsource-24.8.1.2-150500.20.11.2 * libreoffice-calc-24.8.1.2-150500.20.11.2 * libreoffice-math-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-mailmerge-24.8.1.2-150500.20.11.2 * libreoffice-calc-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-24.8.1.2-150500.20.11.2 * libreoffice-24.8.1.2-150500.20.11.2 * libreoffice-writer-debuginfo-24.8.1.2-150500.20.11.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * 
libreoffice-l10n-ru-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_CN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-et-24.8.1.2-150500.20.11.2 * libreoffice-l10n-el-24.8.1.2-150500.20.11.2 * libreoffice-l10n-es-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_TW-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ar-24.8.1.2-150500.20.11.2 * libreoffice-l10n-st-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ml-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-or-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ro-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mai-24.8.1.2-150500.20.11.2 * libreoffice-l10n-th-24.8.1.2-150500.20.11.2 * libreoffice-l10n-uk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ckb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-da-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-te-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ve-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ta-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-af-24.8.1.2-150500.20.11.2 * libreoffice-l10n-xh-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_PT-24.8.1.2-150500.20.11.2 * libreoffice-l10n-br-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ja-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-pa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fur-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ts-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-de-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ko-24.8.1.2-150500.20.11.2 * libreoffice-l10n-as-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-si-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ss-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_BR-24.8.1.2-150500.20.11.2 * libreoffice-l10n-it-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nso-24.8.1.2-150500.20.11.2 * libreoffice-l10n-he-24.8.1.2-150500.20.11.2 * libreoffice-branding-upstream-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ga-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mr-24.8.1.2-150500.20.11.2 * libreoffice-icon-themes-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fa-24.8.1.2-150500.20.11.2 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libreoffice-base-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-drivers-postgresql-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-officebean-24.8.1.2-150500.20.11.2 * libreoffice-impress-24.8.1.2-150500.20.11.2 * libreoffice-writer-extensions-24.8.1.2-150500.20.11.2 * libreoffice-gtk3-24.8.1.2-150500.20.11.2 * libreoffice-filters-optional-24.8.1.2-150500.20.11.2 * 
libreofficekit-24.8.1.2-150500.20.11.2 * libreoffice-gnome-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-gnome-24.8.1.2-150500.20.11.2 * libreoffice-officebean-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-24.8.1.2-150500.20.11.2 * libreoffice-math-24.8.1.2-150500.20.11.2 * libreoffice-calc-extensions-24.8.1.2-150500.20.11.2 * libreoffice-impress-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-writer-24.8.1.2-150500.20.11.2 * libreoffice-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-debugsource-24.8.1.2-150500.20.11.2 * libreoffice-calc-24.8.1.2-150500.20.11.2 * libreoffice-math-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-base-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-draw-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-mailmerge-24.8.1.2-150500.20.11.2 * libreoffice-calc-debuginfo-24.8.1.2-150500.20.11.2 * libreoffice-pyuno-24.8.1.2-150500.20.11.2 * libreoffice-24.8.1.2-150500.20.11.2 * libreoffice-writer-debuginfo-24.8.1.2-150500.20.11.2 * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch) * libreoffice-l10n-ru-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_CN-24.8.1.2-150500.20.11.2 * libreoffice-l10n-et-24.8.1.2-150500.20.11.2 * libreoffice-l10n-el-24.8.1.2-150500.20.11.2 * libreoffice-l10n-es-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ca-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zh_TW-24.8.1.2-150500.20.11.2 * libreoffice-l10n-zu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bg-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ar-24.8.1.2-150500.20.11.2 * libreoffice-l10n-st-24.8.1.2-150500.20.11.2 * libreoffice-l10n-bn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ml-24.8.1.2-150500.20.11.2 * libreoffice-l10n-kk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-or-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ro-24.8.1.2-150500.20.11.2 * libreoffice-l10n-mai-24.8.1.2-150500.20.11.2 * libreoffice-l10n-th-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-uk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ckb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-da-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sk-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sv-24.8.1.2-150500.20.11.2 * libreoffice-l10n-te-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ve-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ta-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-en-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fi-24.8.1.2-150500.20.11.2 * libreoffice-l10n-gl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hy-24.8.1.2-150500.20.11.2 * libreoffice-l10n-nb-24.8.1.2-150500.20.11.2 * libreoffice-l10n-af-24.8.1.2-150500.20.11.2 * libreoffice-l10n-xh-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_PT-24.8.1.2-150500.20.11.2 * libreoffice-l10n-br-24.8.1.2-150500.20.11.2 * libreoffice-l10n-lt-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ja-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pa-24.8.1.2-150500.20.11.2 * libreoffice-l10n-dz-24.8.1.2-150500.20.11.2 * libreoffice-l10n-fur-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ts-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-cs-24.8.1.2-150500.20.11.2 * libreoffice-l10n-hr-24.8.1.2-150500.20.11.2 * libreoffice-l10n-de-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ko-24.8.1.2-150500.20.11.2 * libreoffice-l10n-as-24.8.1.2-150500.20.11.2 * libreoffice-l10n-sl-24.8.1.2-150500.20.11.2 * libreoffice-l10n-si-24.8.1.2-150500.20.11.2 * libreoffice-l10n-ss-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tn-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eo-24.8.1.2-150500.20.11.2 * libreoffice-l10n-pt_BR-24.8.1.2-150500.20.11.2 * libreoffice-l10n-it-24.8.1.2-150500.20.11.2 * libreoffice-l10n-eu-24.8.1.2-150500.20.11.2 * libreoffice-l10n-tr-24.8.1.2-150500.20.11.2 * 
libreoffice-l10n-nso-24.8.1.2-150500.20.11.2
* libreoffice-l10n-he-24.8.1.2-150500.20.11.2
* libreoffice-branding-upstream-24.8.1.2-150500.20.11.2
* libreoffice-l10n-nr-24.8.1.2-150500.20.11.2
* libreoffice-l10n-kn-24.8.1.2-150500.20.11.2
* libreoffice-l10n-lv-24.8.1.2-150500.20.11.2
* libreoffice-l10n-nl-24.8.1.2-150500.20.11.2
* libreoffice-l10n-ga-24.8.1.2-150500.20.11.2
* libreoffice-l10n-mr-24.8.1.2-150500.20.11.2
* libreoffice-icon-themes-24.8.1.2-150500.20.11.2
* libreoffice-l10n-fa-24.8.1.2-150500.20.11.2

## References:

* https://www.suse.com/security/cve/CVE-2024-5261.html
* https://bugzilla.suse.com/show_bug.cgi?id=1047218
* https://bugzilla.suse.com/show_bug.cgi?id=1225597
* https://bugzilla.suse.com/show_bug.cgi?id=1226975
* https://bugzilla.suse.com/show_bug.cgi?id=1229589
* https://jira.suse.com/browse/PED-10362

From null at suse.de Thu Oct 10 08:30:29 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 08:30:29 -0000
Subject: SUSE-SU-2024:3576-1: important: Security update for libreoffice
Message-ID: <172854902957.7152.10757554974881159135@smelt2.prg2.suse.org>

# Security update for libreoffice

Announcement ID: SUSE-SU-2024:3576-1
Release Date: 2024-10-10T04:15:27Z
Rating: important

References:

* bsc#1047218
* bsc#1202273
* bsc#1226975
* bsc#1229589
* jsc#PED-10362

Cross-References:

* CVE-2024-5261

CVSS scores:

* CVE-2024-5261 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description:

This update for libreoffice fixes the following issues:

libreoffice was updated to version 24.8.1.2 (jsc#PED-10362):

* Release notes:
  * https://wiki.documentfoundation.org/Releases/24.8.0/RC1
  * https://wiki.documentfoundation.org/Releases/24.8.0/RC2
  * https://wiki.documentfoundation.org/Releases/24.8.0/RC3
* Security issues fixed:
  * CVE-2024-5261: Fixed TLS certificates not being properly verified when utilizing LibreOfficeKit (bsc#1226975)
* Other bugs fixed:
  * Use system curl instead of the bundled one on systems greater than or equal to SLE15 (bsc#1229589)
  * Use the new clucene function, which makes index files reproducible (bsc#1047218)
* Update bundled dependencies:
  * Java-Websocket updated from 1.5.4 to 1.5.6
  * boost updated from 1.82.0 to 1.85.0
  * curl updated from 8.7.1 to 8.9.1
  * fontconfig updated from 2.14.2 to 2.15.0
  * freetype updated from 2.13.0 to 2.13.2
  * harfbuzz updated from 8.2.2 to 8.5.0
  * icu4c-data updated from 73.2 to 74.2
  * icu4c-src updated from 73.2 to 74.2
  * libassuan updated from 2.5.7 to 3.0.1
  * libcmis updated from 0.6.1 to 0.6.2
  * libgpg-error updated from 1.48 to 1.50
  * pdfium updated from 6179 to 6425
  * poppler updated from 23.09.0 to 24.08.0
  * tiff updated from 4.6.0 to 4.6.0t

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3576=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-3576=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
  * libreoffice-debugsource-24.8.1.2-48.64.2
  * libreoffice-sdk-debuginfo-24.8.1.2-48.64.2
  * libreoffice-sdk-24.8.1.2-48.64.2
  * libreoffice-debuginfo-24.8.1.2-48.64.2
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libreoffice-filters-optional-24.8.1.2-48.64.2
  * libreoffice-debugsource-24.8.1.2-48.64.2
  * libreoffice-officebean-24.8.1.2-48.64.2
  * libreoffice-impress-debuginfo-24.8.1.2-48.64.2
  * libreoffice-debuginfo-24.8.1.2-48.64.2
  * libreoffice-writer-debuginfo-24.8.1.2-48.64.2
  * libreoffice-base-24.8.1.2-48.64.2
  * libreoffice-base-drivers-postgresql-debuginfo-24.8.1.2-48.64.2
  * libreoffice-gtk3-debuginfo-24.8.1.2-48.64.2
  * libreoffice-calc-debuginfo-24.8.1.2-48.64.2
  * libreoffice-writer-extensions-24.8.1.2-48.64.2
  * libreoffice-calc-extensions-24.8.1.2-48.64.2
  * libreoffice-writer-24.8.1.2-48.64.2
  * libreoffice-impress-24.8.1.2-48.64.2
  * libreoffice-math-24.8.1.2-48.64.2
  * libreoffice-mailmerge-24.8.1.2-48.64.2
  * libreoffice-draw-24.8.1.2-48.64.2
  * libreoffice-draw-debuginfo-24.8.1.2-48.64.2
  * libreoffice-24.8.1.2-48.64.2
  * libreoffice-gnome-debuginfo-24.8.1.2-48.64.2
  * libreoffice-pyuno-24.8.1.2-48.64.2
  * libreoffice-base-debuginfo-24.8.1.2-48.64.2
  * libreoffice-calc-24.8.1.2-48.64.2
  * libreoffice-math-debuginfo-24.8.1.2-48.64.2
  * libreoffice-pyuno-debuginfo-24.8.1.2-48.64.2
  * libreoffice-librelogo-24.8.1.2-48.64.2
  * libreoffice-officebean-debuginfo-24.8.1.2-48.64.2
  * libreoffice-gnome-24.8.1.2-48.64.2
  * libreoffice-gtk3-24.8.1.2-48.64.2
  * libreoffice-base-drivers-postgresql-24.8.1.2-48.64.2
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
  * libreoffice-l10n-ca-24.8.1.2-48.64.2
  * libreoffice-l10n-cs-24.8.1.2-48.64.2
  * libreoffice-l10n-nn-24.8.1.2-48.64.2
  * libreoffice-l10n-af-24.8.1.2-48.64.2
  * libreoffice-l10n-bg-24.8.1.2-48.64.2
  * libreoffice-l10n-sk-24.8.1.2-48.64.2
  * libreoffice-l10n-ro-24.8.1.2-48.64.2
  * libreoffice-l10n-sv-24.8.1.2-48.64.2
  * libreoffice-l10n-ko-24.8.1.2-48.64.2
  * libreoffice-l10n-xh-24.8.1.2-48.64.2
  * libreoffice-l10n-hr-24.8.1.2-48.64.2
  * libreoffice-l10n-pl-24.8.1.2-48.64.2
  * libreoffice-l10n-zh_CN-24.8.1.2-48.64.2
  * libreoffice-l10n-hi-24.8.1.2-48.64.2
  * libreoffice-l10n-ja-24.8.1.2-48.64.2
  * libreoffice-l10n-zu-24.8.1.2-48.64.2
  * libreoffice-l10n-pt_PT-24.8.1.2-48.64.2
  * libreoffice-l10n-hu-24.8.1.2-48.64.2
  * libreoffice-l10n-ar-24.8.1.2-48.64.2
  * libreoffice-branding-upstream-24.8.1.2-48.64.2
  * libreoffice-l10n-de-24.8.1.2-48.64.2
  * libreoffice-l10n-fr-24.8.1.2-48.64.2
  * libreoffice-l10n-gu-24.8.1.2-48.64.2
  * libreoffice-l10n-nb-24.8.1.2-48.64.2
  * libreoffice-l10n-fi-24.8.1.2-48.64.2
  * libreoffice-l10n-ru-24.8.1.2-48.64.2
  * libreoffice-l10n-lt-24.8.1.2-48.64.2
  * libreoffice-icon-themes-24.8.1.2-48.64.2
  * libreoffice-l10n-da-24.8.1.2-48.64.2
  * libreoffice-l10n-it-24.8.1.2-48.64.2
  * libreoffice-l10n-zh_TW-24.8.1.2-48.64.2
  * libreoffice-l10n-es-24.8.1.2-48.64.2
  * libreoffice-l10n-uk-24.8.1.2-48.64.2
  * libreoffice-l10n-nl-24.8.1.2-48.64.2
  * libreoffice-l10n-en-24.8.1.2-48.64.2
  * libreoffice-l10n-pt_BR-24.8.1.2-48.64.2

## References:

* https://www.suse.com/security/cve/CVE-2024-5261.html
* https://bugzilla.suse.com/show_bug.cgi?id=1047218
* https://bugzilla.suse.com/show_bug.cgi?id=1202273
* https://bugzilla.suse.com/show_bug.cgi?id=1226975
* https://bugzilla.suse.com/show_bug.cgi?id=1229589
* https://jira.suse.com/browse/PED-10362
From null at suse.de Thu Oct 10 12:30:07 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 12:30:07 -0000
Subject: SUSE-SU-2024:3586-1: important: Security update for xen
Message-ID: <172856340749.6932.11448200085281824189@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2024:3586-1
Release Date: 2024-10-10T11:29:45Z
Rating: important

References:

* bsc#1027519
* bsc#1228574
* bsc#1228575
* bsc#1230366

Cross-References:

* CVE-2024-31145
* CVE-2024-31146
* CVE-2024-45817

CVSS scores:

* CVE-2024-31145 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-31145 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-31146 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
* CVE-2024-31146 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-45817 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45817 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves three vulnerabilities and has one security fix can now be installed.

## Description:

This update for xen fixes the following issues:

Security fixes:

* CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460) (bsc#1228574)
* CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461) (bsc#1228575)
* CVE-2024-45817: Fixed Deadlock in vlapic_error() (XSA-462) (bsc#1230366)

Other fixes:

* Upstream bug fixes (bsc#1027519)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3586=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3586=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3586=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3586=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64)
  * xen-devel-4.12.4_56-3.121.1
  * xen-debugsource-4.12.4_56-3.121.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * xen-doc-html-4.12.4_56-3.121.1
  * xen-libs-debuginfo-4.12.4_56-3.121.1
  * xen-libs-32bit-4.12.4_56-3.121.1
  * xen-libs-4.12.4_56-3.121.1
  * xen-tools-4.12.4_56-3.121.1
  * xen-tools-debuginfo-4.12.4_56-3.121.1
  * xen-tools-domU-4.12.4_56-3.121.1
  * xen-libs-debuginfo-32bit-4.12.4_56-3.121.1
  * xen-tools-domU-debuginfo-4.12.4_56-3.121.1
  * xen-4.12.4_56-3.121.1
  * xen-debugsource-4.12.4_56-3.121.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * xen-doc-html-4.12.4_56-3.121.1
  * xen-libs-debuginfo-4.12.4_56-3.121.1
  * xen-libs-32bit-4.12.4_56-3.121.1
  * xen-libs-4.12.4_56-3.121.1
  * xen-tools-4.12.4_56-3.121.1
  * xen-tools-debuginfo-4.12.4_56-3.121.1
  * xen-tools-domU-4.12.4_56-3.121.1
  * xen-libs-debuginfo-32bit-4.12.4_56-3.121.1
  * xen-tools-domU-debuginfo-4.12.4_56-3.121.1
  * xen-4.12.4_56-3.121.1
  * xen-debugsource-4.12.4_56-3.121.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * xen-doc-html-4.12.4_56-3.121.1
  * xen-libs-debuginfo-4.12.4_56-3.121.1
  * xen-libs-32bit-4.12.4_56-3.121.1
  * xen-libs-4.12.4_56-3.121.1
  * xen-tools-4.12.4_56-3.121.1
  * xen-tools-debuginfo-4.12.4_56-3.121.1
  * xen-tools-domU-4.12.4_56-3.121.1
  * xen-libs-debuginfo-32bit-4.12.4_56-3.121.1
  * xen-tools-domU-debuginfo-4.12.4_56-3.121.1
  * xen-4.12.4_56-3.121.1
  * xen-debugsource-4.12.4_56-3.121.1
## References:

* https://www.suse.com/security/cve/CVE-2024-31145.html
* https://www.suse.com/security/cve/CVE-2024-31146.html
* https://www.suse.com/security/cve/CVE-2024-45817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1228574
* https://bugzilla.suse.com/show_bug.cgi?id=1228575
* https://bugzilla.suse.com/show_bug.cgi?id=1230366

From null at suse.de Thu Oct 10 12:30:22 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 12:30:22 -0000
Subject: SUSE-SU-2024:3585-1: important: Security update for the Linux Kernel
Message-ID: <172856342288.6932.9584147680265993810@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3585-1
Release Date: 2024-10-10T09:05:17Z
Rating: important

References:

* bsc#1220826
* bsc#1226145
* bsc#1226666
* bsc#1227487
* bsc#1228466
* bsc#1229633
* bsc#1230015
* bsc#1230245
* bsc#1230326
* bsc#1230398
* bsc#1230434
* bsc#1230519
* bsc#1230767

Cross-References:

* CVE-2021-47069
* CVE-2022-48911
* CVE-2022-48945
* CVE-2024-36971
* CVE-2024-41087
* CVE-2024-44946
* CVE-2024-45003
* CVE-2024-45021
* CVE-2024-46695
* CVE-2024-46774

CVSS scores:

* CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45003 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46695 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 10 vulnerabilities and has three security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
* CVE-2024-41087: Fix double free on error (bsc#1228466).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
* CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145).

The following non-security bugs were fixed:

* ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
* ext4: add reserved GDT blocks check (bsc#1230326).
* ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
* ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
* kabi: add __nf_queue_get_refs() for kabi compliance.
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* Revert "ext4: consolidate checks for resize of bigalloc into ext4_resize_begin" (bsc#1230326).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3585=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3585=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-3585=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3585=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3585=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3585=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-3585=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3585=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3585=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3585=1

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.179.1
* openSUSE Leap 15.3 (noarch)
  * kernel-source-vanilla-5.3.18-150300.59.179.1
  * kernel-source-5.3.18-150300.59.179.1
  * kernel-devel-5.3.18-150300.59.179.1
  * kernel-docs-html-5.3.18-150300.59.179.1
  * kernel-macros-5.3.18-150300.59.179.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
  * kernel-debug-5.3.18-150300.59.179.1
  * kernel-kvmsmall-5.3.18-150300.59.179.1
* openSUSE Leap 15.3 (ppc64le x86_64)
  * kernel-debug-devel-5.3.18-150300.59.179.1
  * kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.179.1
  * kernel-debug-debuginfo-5.3.18-150300.59.179.1
  * kernel-kvmsmall-devel-5.3.18-150300.59.179.1
  * kernel-debug-debugsource-5.3.18-150300.59.179.1
  * kernel-debug-livepatch-devel-5.3.18-150300.59.179.1
  * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.179.1
  * kernel-debug-devel-debuginfo-5.3.18-150300.59.179.1 *
kernel-kvmsmall-debuginfo-5.3.18-150300.59.179.1 * kernel-kvmsmall-debugsource-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.3.18-150300.59.179.1 * kernel-obs-qa-5.3.18-150300.59.179.1 * gfs2-kmp-default-5.3.18-150300.59.179.1 * cluster-md-kmp-default-5.3.18-150300.59.179.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * dlm-kmp-default-5.3.18-150300.59.179.1 * ocfs2-kmp-default-5.3.18-150300.59.179.1 * kernel-obs-build-debugsource-5.3.18-150300.59.179.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-rebuild-5.3.18-150300.59.179.1.150300.18.105.2 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kselftests-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-optional-debuginfo-5.3.18-150300.59.179.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-extra-5.3.18-150300.59.179.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-default-livepatch-5.3.18-150300.59.179.1 * kernel-default-debugsource-5.3.18-150300.59.179.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-devel-5.3.18-150300.59.179.1 * kernel-default-optional-5.3.18-150300.59.179.1 * kernel-default-extra-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-livepatch-devel-5.3.18-150300.59.179.1 * reiserfs-kmp-default-5.3.18-150300.59.179.1 * kernel-obs-build-5.3.18-150300.59.179.1 * kselftests-kmp-default-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-1-150300.7.3.2 * kernel-livepatch-SLE15-SP3_Update_49-debugsource-1-150300.7.3.2 * kernel-livepatch-5_3_18-150300_59_179-default-1-150300.7.3.2 * openSUSE Leap 15.3 (x86_64) * 
kernel-livepatch-5_3_18-150300_59_179-preempt-1-150300.7.3.2 * kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-1-150300.7.3.2 * openSUSE Leap 15.3 (aarch64 x86_64) * reiserfs-kmp-preempt-5.3.18-150300.59.179.1 * kselftests-kmp-preempt-5.3.18-150300.59.179.1 * kernel-preempt-debugsource-5.3.18-150300.59.179.1 * kernel-preempt-optional-5.3.18-150300.59.179.1 * dlm-kmp-preempt-5.3.18-150300.59.179.1 * kernel-preempt-debuginfo-5.3.18-150300.59.179.1 * gfs2-kmp-preempt-5.3.18-150300.59.179.1 * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.179.1 * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.179.1 * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.179.1 * ocfs2-kmp-preempt-5.3.18-150300.59.179.1 * kernel-preempt-devel-5.3.18-150300.59.179.1 * kernel-preempt-livepatch-devel-5.3.18-150300.59.179.1 * kernel-preempt-optional-debuginfo-5.3.18-150300.59.179.1 * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.179.1 * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.179.1 * cluster-md-kmp-preempt-5.3.18-150300.59.179.1 * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-extra-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-extra-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (s390x) * kernel-zfcpdump-debuginfo-5.3.18-150300.59.179.1 * kernel-zfcpdump-debugsource-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (nosrc) * dtb-aarch64-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (aarch64) * dtb-exynos-5.3.18-150300.59.179.1 * dtb-allwinner-5.3.18-150300.59.179.1 * dtb-cavium-5.3.18-150300.59.179.1 * dtb-renesas-5.3.18-150300.59.179.1 * kernel-64kb-extra-debuginfo-5.3.18-150300.59.179.1 * kernel-64kb-livepatch-devel-5.3.18-150300.59.179.1 * dtb-sprd-5.3.18-150300.59.179.1 * kselftests-kmp-64kb-5.3.18-150300.59.179.1 * dtb-zte-5.3.18-150300.59.179.1 * 
gfs2-kmp-64kb-5.3.18-150300.59.179.1 * kernel-64kb-devel-5.3.18-150300.59.179.1 * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.179.1 * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.179.1 * dtb-xilinx-5.3.18-150300.59.179.1 * kernel-64kb-extra-5.3.18-150300.59.179.1 * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.179.1 * dtb-socionext-5.3.18-150300.59.179.1 * dtb-al-5.3.18-150300.59.179.1 * dtb-freescale-5.3.18-150300.59.179.1 * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.179.1 * dtb-altera-5.3.18-150300.59.179.1 * kernel-64kb-optional-5.3.18-150300.59.179.1 * dtb-marvell-5.3.18-150300.59.179.1 * dtb-amlogic-5.3.18-150300.59.179.1 * dtb-qcom-5.3.18-150300.59.179.1 * dtb-rockchip-5.3.18-150300.59.179.1 * kernel-64kb-debuginfo-5.3.18-150300.59.179.1 * reiserfs-kmp-64kb-5.3.18-150300.59.179.1 * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.179.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.179.1 * dtb-apm-5.3.18-150300.59.179.1 * dtb-broadcom-5.3.18-150300.59.179.1 * dtb-amd-5.3.18-150300.59.179.1 * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.179.1 * dtb-arm-5.3.18-150300.59.179.1 * dtb-mediatek-5.3.18-150300.59.179.1 * cluster-md-kmp-64kb-5.3.18-150300.59.179.1 * dlm-kmp-64kb-5.3.18-150300.59.179.1 * kernel-64kb-debugsource-5.3.18-150300.59.179.1 * dtb-nvidia-5.3.18-150300.59.179.1 * kernel-64kb-optional-debuginfo-5.3.18-150300.59.179.1 * ocfs2-kmp-64kb-5.3.18-150300.59.179.1 * dtb-lg-5.3.18-150300.59.179.1 * dtb-hisilicon-5.3.18-150300.59.179.1 * openSUSE Leap 15.3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-1-150300.7.3.2 * kernel-default-livepatch-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-livepatch-SLE15-SP3_Update_49-debugsource-1-150300.7.3.2 * kernel-default-debugsource-5.3.18-150300.59.179.1 * 
kernel-default-livepatch-devel-5.3.18-150300.59.179.1 * kernel-livepatch-5_3_18-150300_59_179-default-1-150300.7.3.2 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.179.1 * gfs2-kmp-default-5.3.18-150300.59.179.1 * ocfs2-kmp-default-5.3.18-150300.59.179.1 * cluster-md-kmp-default-5.3.18-150300.59.179.1 * kernel-default-debugsource-5.3.18-150300.59.179.1 * dlm-kmp-default-5.3.18-150300.59.179.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.179.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.179.1 * kernel-64kb-debuginfo-5.3.18-150300.59.179.1 * kernel-64kb-devel-5.3.18-150300.59.179.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.179.1 * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-syms-5.3.18-150300.59.179.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-debugsource-5.3.18-150300.59.179.1 * kernel-preempt-devel-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * 
kernel-obs-build-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-5.3.18-150300.59.179.1 * kernel-obs-build-5.3.18-150300.59.179.1 * kernel-default-devel-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.179.1 * kernel-macros-5.3.18-150300.59.179.1 * kernel-devel-5.3.18-150300.59.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.179.1 * kernel-64kb-debuginfo-5.3.18-150300.59.179.1 * kernel-64kb-devel-5.3.18-150300.59.179.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.3.18-150300.59.179.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * kernel-obs-build-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-5.3.18-150300.59.179.1 * kernel-obs-build-5.3.18-150300.59.179.1 * kernel-default-devel-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-source-5.3.18-150300.59.179.1 * kernel-macros-5.3.18-150300.59.179.1 * kernel-devel-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 
(aarch64 x86_64) * kernel-preempt-devel-5.3.18-150300.59.179.1 * kernel-preempt-debugsource-5.3.18-150300.59.179.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-debuginfo-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debuginfo-5.3.18-150300.59.179.1 * kernel-zfcpdump-debugsource-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-syms-5.3.18-150300.59.179.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * kernel-obs-build-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-5.3.18-150300.59.179.1 * kernel-obs-build-5.3.18-150300.59.179.1 * kernel-default-devel-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.179.1 * kernel-macros-5.3.18-150300.59.179.1 * kernel-devel-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-devel-5.3.18-150300.59.179.1 * kernel-preempt-debugsource-5.3.18-150300.59.179.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-debuginfo-5.3.18-150300.59.179.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.179.1 * SUSE Enterprise Storage 7.1 (aarch64) * 
kernel-64kb-debugsource-5.3.18-150300.59.179.1 * kernel-64kb-debuginfo-5.3.18-150300.59.179.1 * kernel-64kb-devel-5.3.18-150300.59.179.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.179.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.179.1 * kernel-default-5.3.18-150300.59.179.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-syms-5.3.18-150300.59.179.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-debugsource-5.3.18-150300.59.179.1 * kernel-preempt-devel-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-preempt-debuginfo-5.3.18-150300.59.179.1 * kernel-default-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * kernel-obs-build-debugsource-5.3.18-150300.59.179.1 * reiserfs-kmp-default-5.3.18-150300.59.179.1 * kernel-obs-build-5.3.18-150300.59.179.1 * kernel-default-devel-5.3.18-150300.59.179.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-source-5.3.18-150300.59.179.1 * kernel-macros-5.3.18-150300.59.179.1 * kernel-devel-5.3.18-150300.59.179.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.179.1 * 
kernel-default-debuginfo-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.179.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.179.1.150300.18.105.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.179.1 * kernel-default-debuginfo-5.3.18-150300.59.179.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47069.html * https://www.suse.com/security/cve/CVE-2022-48911.html * https://www.suse.com/security/cve/CVE-2022-48945.html * https://www.suse.com/security/cve/CVE-2024-36971.html * https://www.suse.com/security/cve/CVE-2024-41087.html * https://www.suse.com/security/cve/CVE-2024-44946.html * https://www.suse.com/security/cve/CVE-2024-45003.html * https://www.suse.com/security/cve/CVE-2024-45021.html * https://www.suse.com/security/cve/CVE-2024-46695.html * https://www.suse.com/security/cve/CVE-2024-46774.html * https://bugzilla.suse.com/show_bug.cgi?id=1220826 * https://bugzilla.suse.com/show_bug.cgi?id=1226145 * https://bugzilla.suse.com/show_bug.cgi?id=1226666 * https://bugzilla.suse.com/show_bug.cgi?id=1227487 * https://bugzilla.suse.com/show_bug.cgi?id=1228466 * https://bugzilla.suse.com/show_bug.cgi?id=1229633 * https://bugzilla.suse.com/show_bug.cgi?id=1230015 * https://bugzilla.suse.com/show_bug.cgi?id=1230245 * https://bugzilla.suse.com/show_bug.cgi?id=1230326 * https://bugzilla.suse.com/show_bug.cgi?id=1230398 * https://bugzilla.suse.com/show_bug.cgi?id=1230434 * https://bugzilla.suse.com/show_bug.cgi?id=1230519 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Thu Oct 10 16:31:21 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 16:31:21 -0000
Subject: SUSE-SU-2024:3591-1: important: Security update for the Linux Kernel
Message-ID: <172857788164.27570.14911808175944217707@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3591-1
Release Date: 2024-10-10T15:34:35Z
Rating: important
References:

* bsc#1054914
* bsc#1065729
* bsc#1207341
* bsc#1225316
* bsc#1226846
* bsc#1226860
* bsc#1226878
* bsc#1227487
* bsc#1227941
* bsc#1227952
* bsc#1227953
* bsc#1228000
* bsc#1228002
* bsc#1228068
* bsc#1228507
* bsc#1228615
* bsc#1228620
* bsc#1228635
* bsc#1229334
* bsc#1229362
* bsc#1229363
* bsc#1229456
* bsc#1229457
* bsc#1229633
* bsc#1229645
* bsc#1229739
* bsc#1229753
* bsc#1229764
* bsc#1229790
* bsc#1229830
* bsc#1230015
* bsc#1230151
* bsc#1230171
* bsc#1230174
* bsc#1230176
* bsc#1230178
* bsc#1230180
* bsc#1230185
* bsc#1230200
* bsc#1230204
* bsc#1230233
* bsc#1230248
* bsc#1230270
* bsc#1230398
* bsc#1230506
* bsc#1230515
* bsc#1230517
* bsc#1230533
* bsc#1230535
* bsc#1230549
* bsc#1230556
* bsc#1230582
* bsc#1230589
* bsc#1230700
* bsc#1230702
* bsc#1230709
* bsc#1230710
* bsc#1230712
* bsc#1230730
* bsc#1230731
* bsc#1230732
* bsc#1230747
* bsc#1230748
* bsc#1230756
* bsc#1230761
* bsc#1230763
* bsc#1230767
* bsc#1230771
* bsc#1230783
* bsc#1230796
* bsc#1230810
* bsc#1230814
* bsc#1230815
* bsc#1230826
* bsc#1231083
* bsc#1231084
* bsc#1231089
* bsc#1231120
* bsc#1231146
* bsc#1231184

Cross-References:

* CVE-2021-47387
* CVE-2022-48788
* CVE-2022-48789
* CVE-2022-48790
* CVE-2022-48791
* CVE-2022-48799
* CVE-2022-48844
* CVE-2022-48911
* CVE-2022-48943
* CVE-2022-48945
* CVE-2023-52915
* CVE-2024-38381
* CVE-2024-38596
* CVE-2024-38632
* CVE-2024-41073
* CVE-2024-41079
* CVE-2024-41082
* CVE-2024-42154
* CVE-2024-42265
* CVE-2024-42305
* CVE-2024-42306
* CVE-2024-43884
* CVE-2024-43890
* CVE-2024-43898
* CVE-2024-43912
* CVE-2024-43914
* CVE-2024-44946
* CVE-2024-44947
* CVE-2024-44948
* CVE-2024-44950
* CVE-2024-44952
* CVE-2024-44954
* CVE-2024-44969
* CVE-2024-44982
* CVE-2024-44987
* CVE-2024-44998
* CVE-2024-44999
* CVE-2024-45008
* CVE-2024-46673
* CVE-2024-46675
* CVE-2024-46676
* CVE-2024-46677
* CVE-2024-46679
* CVE-2024-46685
* CVE-2024-46686
* CVE-2024-46702
* CVE-2024-46707
* CVE-2024-46715
* CVE-2024-46721
* CVE-2024-46722
* CVE-2024-46723
* CVE-2024-46731
* CVE-2024-46737
* CVE-2024-46738
* CVE-2024-46739
* CVE-2024-46743
* CVE-2024-46744
* CVE-2024-46745
* CVE-2024-46750
* CVE-2024-46753
* CVE-2024-46759
* CVE-2024-46761
* CVE-2024-46770
* CVE-2024-46774
* CVE-2024-46783
* CVE-2024-46784
* CVE-2024-46787
* CVE-2024-46822
* CVE-2024-46853
* CVE-2024-46854
* CVE-2024-46859

CVSS scores:

* CVE-2021-47387 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48799 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48844 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48943 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38381 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-38381 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41073 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41079 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43884 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43884 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43912 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43912 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-43912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44947 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44950 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
* CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
* CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46721 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46721 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46770 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46853 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-46854 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-46854 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-46859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 71 vulnerabilities and has nine security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
* CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
* CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
* CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
* CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
* CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
* CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
* CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
* CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
* CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
* CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
* CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
* CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
* CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
* CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
* CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
* CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
* CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
* CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
* CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
* CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
* CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
* CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
* CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
* CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
* CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
* CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
* CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
* CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).

The following non-security bugs were fixed:

* ACPI / EC: Clean up EC GPE mask flag (git-fixes).
* ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes).
* ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
* ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).
* ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).
* ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).
* ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
* ACPI: blacklist: fix clang warning for unused DMI table (git-fixes).
* ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Fix bsc#1054914 reference.
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes).
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes).
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes).
* Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk" (git-fixes).
* af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
* af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
* autofs4: use wait_event_killable (bsc#1207341).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).
* kabi fix for proc/mounts: add cursor (bsc#1207341).
* kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities.
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* media: vivid: avoid integer overflow (git-fixes).
* media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
* media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
* media: vivid: s_fbuf: add more sanity checks (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
* net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).
* powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).
* powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).
* powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
* powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826 ltc#205848).
* powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
* powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729).
* powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
* powerpc/kprobes: Blacklist emulate_update_regs() from kprobes (bsc#1230826 ltc#205848).
* powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).
* powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).
* powerpc/lib: Fix "integer constant is too large" build failure (bsc#1230826 ltc#205848).
* powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).
* powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).
* powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729).
* powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).
* powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).
* powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).
* powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).
* powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
* powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).
* powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
* powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).
* powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).
* powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).
* powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).
* powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).
* powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).
* powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).
* powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
* powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).
* powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).
* powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).
* powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).
* powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).
* powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).
* powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).
* powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
* powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).
* powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).
* powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).
* powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).
* powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).
* powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).
* proc/mounts: add cursor (bsc#1207341).
* profiling: fix shift too large makes kernel panic (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usbnet: fix cyclical race on disconnect with work queue (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3591=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3591=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3591=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.200.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.200.1
  * kernel-syms-azure-4.12.14-16.200.1
  * kernel-azure-base-4.12.14-16.200.1
  * kernel-azure-devel-4.12.14-16.200.1
  * kernel-azure-base-debuginfo-4.12.14-16.200.1
  * kernel-azure-debugsource-4.12.14-16.200.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.200.1
  * kernel-devel-azure-4.12.14-16.200.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.200.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.200.1
  * kernel-syms-azure-4.12.14-16.200.1
  * kernel-azure-base-4.12.14-16.200.1
  * kernel-azure-devel-4.12.14-16.200.1
  * kernel-azure-base-debuginfo-4.12.14-16.200.1
  * kernel-azure-debugsource-4.12.14-16.200.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.200.1
  * kernel-devel-azure-4.12.14-16.200.1
* SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.200.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-azure-debuginfo-4.12.14-16.200.1
  * kernel-syms-azure-4.12.14-16.200.1
  * kernel-azure-base-4.12.14-16.200.1
  * kernel-azure-devel-4.12.14-16.200.1
  * kernel-azure-base-debuginfo-4.12.14-16.200.1
  * kernel-azure-debugsource-4.12.14-16.200.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.200.1
  * kernel-devel-azure-4.12.14-16.200.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47387.html
* https://www.suse.com/security/cve/CVE-2022-48788.html
* https://www.suse.com/security/cve/CVE-2022-48789.html
* https://www.suse.com/security/cve/CVE-2022-48790.html
* https://www.suse.com/security/cve/CVE-2022-48791.html
* https://www.suse.com/security/cve/CVE-2022-48799.html
* https://www.suse.com/security/cve/CVE-2022-48844.html
* https://www.suse.com/security/cve/CVE-2022-48911.html
* https://www.suse.com/security/cve/CVE-2022-48943.html
* https://www.suse.com/security/cve/CVE-2022-48945.html
* https://www.suse.com/security/cve/CVE-2023-52915.html
* https://www.suse.com/security/cve/CVE-2024-38381.html
* https://www.suse.com/security/cve/CVE-2024-38596.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-41073.html
* https://www.suse.com/security/cve/CVE-2024-41079.html
* https://www.suse.com/security/cve/CVE-2024-41082.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-42305.html
* https://www.suse.com/security/cve/CVE-2024-42306.html
* https://www.suse.com/security/cve/CVE-2024-43884.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43898.html
* https://www.suse.com/security/cve/CVE-2024-43912.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44947.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44950.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44998.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46721.html
* https://www.suse.com/security/cve/CVE-2024-46722.html
* https://www.suse.com/security/cve/CVE-2024-46723.html
* https://www.suse.com/security/cve/CVE-2024-46731.html
* https://www.suse.com/security/cve/CVE-2024-46737.html
* https://www.suse.com/security/cve/CVE-2024-46738.html
* https://www.suse.com/security/cve/CVE-2024-46739.html
* https://www.suse.com/security/cve/CVE-2024-46743.html
* https://www.suse.com/security/cve/CVE-2024-46744.html
* https://www.suse.com/security/cve/CVE-2024-46745.html
* https://www.suse.com/security/cve/CVE-2024-46750.html
* https://www.suse.com/security/cve/CVE-2024-46753.html
* https://www.suse.com/security/cve/CVE-2024-46759.html
* https://www.suse.com/security/cve/CVE-2024-46761.html
* https://www.suse.com/security/cve/CVE-2024-46770.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://www.suse.com/security/cve/CVE-2024-46783.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2024-46787.html
* https://www.suse.com/security/cve/CVE-2024-46822.html
* https://www.suse.com/security/cve/CVE-2024-46853.html
* https://www.suse.com/security/cve/CVE-2024-46854.html
* https://www.suse.com/security/cve/CVE-2024-46859.html
* https://bugzilla.suse.com/show_bug.cgi?id=1054914
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1207341
* https://bugzilla.suse.com/show_bug.cgi?id=1225316
* https://bugzilla.suse.com/show_bug.cgi?id=1226846
* https://bugzilla.suse.com/show_bug.cgi?id=1226860
* https://bugzilla.suse.com/show_bug.cgi?id=1226878
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227941
* https://bugzilla.suse.com/show_bug.cgi?id=1227952
* https://bugzilla.suse.com/show_bug.cgi?id=1227953
* https://bugzilla.suse.com/show_bug.cgi?id=1228000
* https://bugzilla.suse.com/show_bug.cgi?id=1228002
* https://bugzilla.suse.com/show_bug.cgi?id=1228068
* https://bugzilla.suse.com/show_bug.cgi?id=1228507
* https://bugzilla.suse.com/show_bug.cgi?id=1228615
* https://bugzilla.suse.com/show_bug.cgi?id=1228620
* https://bugzilla.suse.com/show_bug.cgi?id=1228635
* https://bugzilla.suse.com/show_bug.cgi?id=1229334
* https://bugzilla.suse.com/show_bug.cgi?id=1229362
* https://bugzilla.suse.com/show_bug.cgi?id=1229363
* https://bugzilla.suse.com/show_bug.cgi?id=1229456
* https://bugzilla.suse.com/show_bug.cgi?id=1229457
* https://bugzilla.suse.com/show_bug.cgi?id=1229633
* https://bugzilla.suse.com/show_bug.cgi?id=1229645
* https://bugzilla.suse.com/show_bug.cgi?id=1229739
* https://bugzilla.suse.com/show_bug.cgi?id=1229753
* https://bugzilla.suse.com/show_bug.cgi?id=1229764
* https://bugzilla.suse.com/show_bug.cgi?id=1229790
* https://bugzilla.suse.com/show_bug.cgi?id=1229830
* https://bugzilla.suse.com/show_bug.cgi?id=1230015
* https://bugzilla.suse.com/show_bug.cgi?id=1230151
* https://bugzilla.suse.com/show_bug.cgi?id=1230171
* https://bugzilla.suse.com/show_bug.cgi?id=1230174
* https://bugzilla.suse.com/show_bug.cgi?id=1230176
* https://bugzilla.suse.com/show_bug.cgi?id=1230178
* https://bugzilla.suse.com/show_bug.cgi?id=1230180
* https://bugzilla.suse.com/show_bug.cgi?id=1230185
* https://bugzilla.suse.com/show_bug.cgi?id=1230200
* https://bugzilla.suse.com/show_bug.cgi?id=1230204
* https://bugzilla.suse.com/show_bug.cgi?id=1230233
* https://bugzilla.suse.com/show_bug.cgi?id=1230248
* https://bugzilla.suse.com/show_bug.cgi?id=1230270
* https://bugzilla.suse.com/show_bug.cgi?id=1230398
* https://bugzilla.suse.com/show_bug.cgi?id=1230506
* https://bugzilla.suse.com/show_bug.cgi?id=1230515
* https://bugzilla.suse.com/show_bug.cgi?id=1230517
* https://bugzilla.suse.com/show_bug.cgi?id=1230533
* https://bugzilla.suse.com/show_bug.cgi?id=1230535
* https://bugzilla.suse.com/show_bug.cgi?id=1230549
* https://bugzilla.suse.com/show_bug.cgi?id=1230556
* https://bugzilla.suse.com/show_bug.cgi?id=1230582
* https://bugzilla.suse.com/show_bug.cgi?id=1230589
* https://bugzilla.suse.com/show_bug.cgi?id=1230700
* https://bugzilla.suse.com/show_bug.cgi?id=1230702
* https://bugzilla.suse.com/show_bug.cgi?id=1230709
* https://bugzilla.suse.com/show_bug.cgi?id=1230710
* https://bugzilla.suse.com/show_bug.cgi?id=1230712
* https://bugzilla.suse.com/show_bug.cgi?id=1230730
* https://bugzilla.suse.com/show_bug.cgi?id=1230731
* https://bugzilla.suse.com/show_bug.cgi?id=1230732
* https://bugzilla.suse.com/show_bug.cgi?id=1230747
* https://bugzilla.suse.com/show_bug.cgi?id=1230748
* https://bugzilla.suse.com/show_bug.cgi?id=1230756
* https://bugzilla.suse.com/show_bug.cgi?id=1230761
* https://bugzilla.suse.com/show_bug.cgi?id=1230763
* https://bugzilla.suse.com/show_bug.cgi?id=1230767
* https://bugzilla.suse.com/show_bug.cgi?id=1230771
* https://bugzilla.suse.com/show_bug.cgi?id=1230783
* https://bugzilla.suse.com/show_bug.cgi?id=1230796
* https://bugzilla.suse.com/show_bug.cgi?id=1230810
* https://bugzilla.suse.com/show_bug.cgi?id=1230814
* https://bugzilla.suse.com/show_bug.cgi?id=1230815
* https://bugzilla.suse.com/show_bug.cgi?id=1230826
* https://bugzilla.suse.com/show_bug.cgi?id=1231083
* https://bugzilla.suse.com/show_bug.cgi?id=1231084
* https://bugzilla.suse.com/show_bug.cgi?id=1231089
* https://bugzilla.suse.com/show_bug.cgi?id=1231120
* https://bugzilla.suse.com/show_bug.cgi?id=1231146
* https://bugzilla.suse.com/show_bug.cgi?id=1231184

From null at suse.de Thu Oct 10 16:33:39 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 16:33:39 -0000
Subject: SUSE-SU-2024:3587-1: important: Security update for the Linux Kernel
Message-ID: <172857801972.27570.2871320644365704532@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3587-1
Release Date: 2024-10-10T13:29:57Z
Rating: important
References: * bsc#1054914 * bsc#1065729 * bsc#1194869 * bsc#1199769 * bsc#1216223 * bsc#1220382 * bsc#1221610 * bsc#1221650 * bsc#1222629 * bsc#1222973 * bsc#1223600 * bsc#1223848 * bsc#1224085 * bsc#1225903 * bsc#1226003 * bsc#1226606 * bsc#1226631 * bsc#1226662 * bsc#1226666 * bsc#1226846 * bsc#1226860 * bsc#1226875 * bsc#1226915 * bsc#1227487 * bsc#1227726 * bsc#1227819 * bsc#1227832 * bsc#1227890 * bsc#1228507 * bsc#1228576 * bsc#1228620 * bsc#1228747 * bsc#1228771 * bsc#1229031 * bsc#1229034 * bsc#1229086 * bsc#1229156 * bsc#1229334 * bsc#1229362 * bsc#1229363 * bsc#1229364 * bsc#1229394 * bsc#1229429 * bsc#1229453 * bsc#1229572 * bsc#1229573 * bsc#1229585 * bsc#1229607 * bsc#1229619 * bsc#1229633 * bsc#1229662 * bsc#1229753 * bsc#1229764 * bsc#1229790 * bsc#1229810 * bsc#1229830 * bsc#1229891 * bsc#1229899 * bsc#1229928 * bsc#1229947 * bsc#1230015 * bsc#1230055 * bsc#1230129 * bsc#1230130 * bsc#1230170 * bsc#1230171 * bsc#1230174 * bsc#1230175 * bsc#1230176 * bsc#1230178 * bsc#1230180 * bsc#1230185 * bsc#1230192 * bsc#1230193 * bsc#1230194 * bsc#1230200 * bsc#1230204 * bsc#1230209 * bsc#1230211 * bsc#1230217 * bsc#1230224 * bsc#1230230 * bsc#1230233 * bsc#1230244 * 
bsc#1230245 * bsc#1230247 * bsc#1230248 * bsc#1230269 * bsc#1230289 * bsc#1230339 * bsc#1230340 * bsc#1230392 * bsc#1230398 * bsc#1230431 * bsc#1230433 * bsc#1230434 * bsc#1230440 * bsc#1230442 * bsc#1230444 * bsc#1230450 * bsc#1230451 * bsc#1230454 * bsc#1230506 * bsc#1230507 * bsc#1230511 * bsc#1230515 * bsc#1230517 * bsc#1230524 * bsc#1230533 * bsc#1230535 * bsc#1230549 * bsc#1230550 * bsc#1230556 * bsc#1230582 * bsc#1230589 * bsc#1230591 * bsc#1230592 * bsc#1230699 * bsc#1230700 * bsc#1230701 * bsc#1230702 * bsc#1230703 * bsc#1230705 * bsc#1230706 * bsc#1230709 * bsc#1230710 * bsc#1230711 * bsc#1230712 * bsc#1230719 * bsc#1230724 * bsc#1230725 * bsc#1230730 * bsc#1230731 * bsc#1230732 * bsc#1230733 * bsc#1230747 * bsc#1230748 * bsc#1230751 * bsc#1230752 * bsc#1230756 * bsc#1230761 * bsc#1230763 * bsc#1230766 * bsc#1230767 * bsc#1230768 * bsc#1230771 * bsc#1230774 * bsc#1230783 * bsc#1230786 * bsc#1230791 * bsc#1230794 * bsc#1230796 * bsc#1230802 * bsc#1230806 * bsc#1230808 * bsc#1230810 * bsc#1230812 * bsc#1230813 * bsc#1230814 * bsc#1230815 * bsc#1230821 * bsc#1230825 * bsc#1230830 * bsc#1231013 * bsc#1231017 * bsc#1231084 * bsc#1231085 * bsc#1231087 * bsc#1231115 * bsc#1231116 * bsc#1231120 * bsc#1231146 * bsc#1231180 * bsc#1231181 * bsc#1231277 * bsc#1231327 Cross-References: * CVE-2022-48901 * CVE-2022-48911 * CVE-2022-48923 * CVE-2022-48935 * CVE-2022-48944 * CVE-2022-48945 * CVE-2023-52610 * CVE-2023-52916 * CVE-2024-26640 * CVE-2024-26759 * CVE-2024-26767 * CVE-2024-26804 * CVE-2024-26837 * CVE-2024-37353 * CVE-2024-38538 * CVE-2024-38596 * CVE-2024-38632 * CVE-2024-40910 * CVE-2024-40973 * CVE-2024-40983 * CVE-2024-41062 * CVE-2024-41082 * CVE-2024-42154 * CVE-2024-42259 * CVE-2024-42265 * CVE-2024-42304 * CVE-2024-42305 * CVE-2024-42306 * CVE-2024-43828 * CVE-2024-43890 * CVE-2024-43898 * CVE-2024-43912 * CVE-2024-43914 * CVE-2024-44935 * CVE-2024-44944 * CVE-2024-44946 * CVE-2024-44948 * CVE-2024-44950 * CVE-2024-44952 * CVE-2024-44954 * 
CVE-2024-44967 * CVE-2024-44969 * CVE-2024-44970 * CVE-2024-44971 * CVE-2024-44977 * CVE-2024-44982 * CVE-2024-44986 * CVE-2024-44987 * CVE-2024-44988 * CVE-2024-44989 * CVE-2024-44990 * CVE-2024-44998 * CVE-2024-44999 * CVE-2024-45000 * CVE-2024-45001 * CVE-2024-45003 * CVE-2024-45006 * CVE-2024-45007 * CVE-2024-45008 * CVE-2024-45011 * CVE-2024-45013 * CVE-2024-45015 * CVE-2024-45018 * CVE-2024-45020 * CVE-2024-45021 * CVE-2024-45026 * CVE-2024-45028 * CVE-2024-45029 * CVE-2024-46673 * CVE-2024-46674 * CVE-2024-46675 * CVE-2024-46676 * CVE-2024-46677 * CVE-2024-46678 * CVE-2024-46679 * CVE-2024-46685 * CVE-2024-46686 * CVE-2024-46689 * CVE-2024-46694 * CVE-2024-46702 * CVE-2024-46707 * CVE-2024-46714 * CVE-2024-46715 * CVE-2024-46717 * CVE-2024-46720 * CVE-2024-46721 * CVE-2024-46722 * CVE-2024-46723 * CVE-2024-46724 * CVE-2024-46725 * CVE-2024-46726 * CVE-2024-46728 * CVE-2024-46730 * CVE-2024-46731 * CVE-2024-46732 * CVE-2024-46737 * CVE-2024-46738 * CVE-2024-46739 * CVE-2024-46743 * CVE-2024-46744 * CVE-2024-46745 * CVE-2024-46746 * CVE-2024-46747 * CVE-2024-46750 * CVE-2024-46751 * CVE-2024-46752 * CVE-2024-46753 * CVE-2024-46755 * CVE-2024-46756 * CVE-2024-46758 * CVE-2024-46759 * CVE-2024-46761 * CVE-2024-46770 * CVE-2024-46771 * CVE-2024-46773 * CVE-2024-46774 * CVE-2024-46775 * CVE-2024-46780 * CVE-2024-46781 * CVE-2024-46783 * CVE-2024-46784 * CVE-2024-46786 * CVE-2024-46787 * CVE-2024-46791 * CVE-2024-46794 * CVE-2024-46798 * CVE-2024-46822 * CVE-2024-46826 * CVE-2024-46830 * CVE-2024-46854 * CVE-2024-46855 * CVE-2024-46857 CVSS scores: * CVE-2022-48901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48923 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-48923 ( SUSE ): 
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48944 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-48944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52610 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-26767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26837 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-37353 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40910 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40910 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
* CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-42259 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42259 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-42259 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-42304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43912 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43912 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * 
CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46678 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46678 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46678 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46717 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46751 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46770 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46775 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46798 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46798 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46854 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46854 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46855 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46857 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 132 vulnerabilities and has 44 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
* CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
* CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
* CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
* CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
* CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
* CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
* CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
* CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
* CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
* CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
* CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
* CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
* CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
* CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
* CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
* CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
* CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
* CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
* CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
* CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
* CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
* CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
* CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).
* CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
* CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
* CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).

The following non-security bugs were fixed:

* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
* ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
* ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
* ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
* ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
* ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
* ASoC: tegra: Fix CBB error during probe() (git-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
* Bluetooth: L2CAP: Fix deadlock (git-fixes).
* Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
* Input: ilitek_ts_i2c - add report id message validation (git-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
* NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
* NFS: Reduce use of uncached readdir (bsc#1226662).
* NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
* NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
* NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
* PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
* PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
* PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: Support BAR sizes up to 8TB (bsc#1231017)
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* PCI: xilinx-nwl: Fix register misspelling (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
* Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (stable-fixes).
* Revert "mm, kmsan: fix infinite recursion due to RCU critical section".
* Revert "mm/sparsemem: fix race in accessing memory_section->usage".
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()".
* Squashfs: sanity check symbolic link size (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (git-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
* af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
* af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
* af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
* apparmor: fix possible NULL pointer dereference (stable-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: add number of queue calc helper (bsc#1229034).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
* blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
* blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
* cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: bcm: Remove proc entry when dev is unregistered (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
* char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
* char: xillybus: Check USB endpoints when probing device (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
* clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: virtio - Handle dataq logic with tasklet (git-fixes).
* crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* devres: Initialize an uninitialized struct member (stable-fixes).
* driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
* driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
* driver core: Create __fwnode_link_del() helper function (git-fixes).
* driver core: Set deferred probe reason when deferred by driver core (git-fixes).
* driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
* driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
* drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check gpio_id before used as array index (stable-fixes).
* drm/amd/display: Check msg_id before processing transcation (stable-fixes).
* drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
* drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
* drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
* drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
* drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
* drm/amd/display: Spinlock before reading event (stable-fixes).
* drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
* drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
* drm/amd/pm: Fix negative array index read (stable-fixes).
* drm/amd/pm: check negtive return for table entries (stable-fixes).
* drm/amd/pm: check specific index for aldebaran (stable-fixes).
* drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
* drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
* drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable- fixes). * drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). * drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). * drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). * drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). * drm/amdgpu: Fix smatch static checker warning (stable-fixes). * drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable- fixes). * drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). * drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). * drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). * drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). * drm/amdgpu: fix a possible null pointer dereference (git-fixes). * drm/amdgpu: fix dereference after null check (stable-fixes). * drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). * drm/amdgpu: fix overflowed array index read warning (stable-fixes). * drm/amdgpu: fix the waring dereferencing hive (stable-fixes). * drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). * drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). * drm/amdgpu: update type of buf size to u32 for eeprom functions (stable- fixes). * drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). * drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). * drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). * drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). * drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git- fixes). * drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). * drm/meson: plane: Add error handling (stable-fixes). 
* drm/msm/a5xx: disable preemption in submits by default (git-fixes). * drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). * drm/msm/a5xx: properly clear preemption records on resume (git-fixes). * drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). * drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). * drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) * drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). * drm/msm: fix %s null argument error (git-fixes). * drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git- fixes). * drm/radeon: fix null pointer dereference in radeon_add_common_modes (git- fixes). * drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git- fixes). * drm/rockchip: vop: Allow 4096px width scaling (git-fixes). * drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). * drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). * exfat: fix memory leak in exfat_load_bitmap() (git-fixes). * fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). * filemap: remove use of wait bookmarks (bsc#1224085). * firmware_loader: Block path traversal (git-fixes). * fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). * fuse: update stats for pages in dropped aux writeback list (bsc#1230130). * fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). * genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). * genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). * genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). * genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). * genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). 
* genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). * genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). * gfs2: setattr_chown: Add missing initialization (git-fixes). * hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). * hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable- fixes). * hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). * hwmon: (ntc_thermistor) fix module autoloading (git-fixes). * hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). * hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git- fixes). * hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git- fixes). * hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). * i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). * i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). * i2c: aspeed: Update the stop sw state when the bus recovery occurs (git- fixes). * i2c: isch: Add missed 'else' (git-fixes). * i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). * i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). * i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable- fixes). * iio: adc: ad7124: fix chip ID mismatch (git-fixes). * iio: adc: ad7124: fix config comparison (git-fixes). * iio: adc: ad7606: fix oversampling gpio array (git-fixes). * iio: adc: ad7606: fix standby gpio state to match the documentation (git- fixes). * iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). * iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git- fixes). * iio: fix scale application in iio_convert_raw_to_processed_unlocked (git- fixes). * iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). 
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). * ipmi:ssif: Improve detecting during probing (bsc#1228771) * ipmi:ssif: Improve detecting during probing (bsc#1228771) * jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). * kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). * kabi: add __nf_queue_get_refs() for kabi compliance. * kthread: Fix task state in kthread worker if being frozen (bsc#1231146). * lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). * lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). * lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). * lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). * mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). * mailbox: rockchip: fix a typo in module autoloading (git-fixes). * media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (git-fixes). * media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) * media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). * media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). * media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). * media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). * media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). * media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). * media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). * media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). * media: vivid: fix wrong sizeimage value for mplane (stable-fixes). * mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). * mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). * mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). 
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). * mtd: slram: insert break after errors in parsing the map (git-fixes). * net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). * net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git- fixes). * net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). * net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). * net: missing check virtio (git-fixes). * net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). * nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). * nilfs2: Constify struct kobj_type (git-fixes). * nilfs2: determine empty node blocks as corrupted (git-fixes). * nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). * nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). * nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). * nilfs2: fix state management in error path of log writing function (git- fixes). * nilfs2: protect references to superblock parameters exposed in sysfs (git- fixes). * nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). * nilfs2: use default_groups in kobj_type (git-fixes). * nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). * nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). * nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). * nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). * nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). * nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). * nvmet-tcp: do not continue for invalid icreq (git-fixes). * nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). * nvmet-trace: avoid dereferencing pointer too early (git-fixes). * nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). 
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). * ocfs2: fix null-ptr-deref when journal load failed (git-fixes). * ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). * ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). * pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). * pcmcia: Use resource_size function on resource object (stable-fixes). * pinctrl: single: fix missing error code in pcs_probe() (git-fixes). * pinctrl: single: fix potential NULL dereference in pcs_get_function() (git- fixes). * platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). * platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). * platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git- fixes). * power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). * power: supply: axp20x_battery: Remove design from min and max voltage (git- fixes). * power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). * power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). * powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). * powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). * powerpc/boot: Only free if realloc() succeeds (bsc#1194869). * powerpc/code-patching: Add generic memory patching (bsc#1194869). * powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869). * powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869). * powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869). * powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869). * powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869). * powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). 
* powerpc/code-patching: Pre-map patch area (bsc#1194869). * powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869). * powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869). * powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869). * powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869). * powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869). * powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869). * powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869). * powerpc/code-patching: introduce patch_instructions() (bsc#1194869). * powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869). * powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git- fixes). * powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git- fixes). * powerpc/inst: Refactor ___get_user_instr() (bsc#1194869). * powerpc/lib: Add __init attribute to eligible functions (bsc#1194869). * powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869). * powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). * powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869). * powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869). * powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869). * powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). * powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). * powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869). * rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). * rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327) * rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). 
* s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). * sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327) * scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). * scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). * scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). * scsi: lpfc: Fix overflow build issue (bsc#1229429). * scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). * scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). * scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). * scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). * scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). * scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). * scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). * scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). * scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). * scsi: use block layer helpers to calculate num of queues (bsc#1229034). * spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). * staging: iio: frequency: ad9834: Validate frequency parameter value (git- fixes). * thunderbolt: Mark XDomain as unplugged when router is removed (stable- fixes). * tomoyo: fallback to realpath if symlink's pathname does not exist (git- fixes). * tools/virtio: fix build (git-fixes). * tpm: Clean up TPM space after command failure (git-fixes). * tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). * tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). * udp: fix receiving fraglist GSO packets (git-fixes). * uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git- fixes). * usb: cdnsp: Fix incorrect usb_request status (git-fixes). 
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). * usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). * usb: dwc3: core: Prevent USB core invalid event buffer address access (git- fixes). * usb: dwc3: core: Skip setting event buffers for host only controllers (git- fixes). * usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). * usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). * usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). * usb: dwc3: st: add missing depopulate in probe error path (git-fixes). * usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). * usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). * usb: uas: set host status byte on data completion error (git-fixes). * usb: uas: set host status byte on data completion error (stable-fixes). * usb: xhci: fix loss of data on Cadence xHC (git-fixes). * usbip: Do not submit special requests twice (stable-fixes). * usbnet: fix cyclical race on disconnect with work queue (git-fixes). * usbnet: ipheth: race between ipheth_close and error handling (git-fixes). * usbnet: modern method to get random MAC (git-fixes). * vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). * vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). * virito: add APIs for retrieving vq affinity (bsc#1229034). * virtio-blk: Ensure no requests in virtqueues before deleting vqs (git- fixes). * virtio/vsock: fix logic which reduces credit update messages (git-fixes). * virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). * virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). * virtio: reenable config if freezing device failed (git-fixes). * virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into a region of size 10" warnings (git-fixes). * virtio_net: checksum offloading handling fix (git-fixes). 
* virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). * virtiofs: forbid newlines in tags (bsc#1230591). * vsock/virtio: add support for device suspend/resume (git-fixes). * vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). * vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). * vsock/virtio: remove socket from connected/bound list on shutdown (git- fixes). * watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). * wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). * wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). * wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git- fixes). * wifi: iwlwifi: mvm: increase the time between ranging measurements (git- fixes). * wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git- fixes). * wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). * wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git- fixes). * wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). * wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). * wifi: rtw88: always wait for both firmware loading attempts (git-fixes). * wifi: rtw88: remove CPT execution branch never used (git-fixes). * wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). * workqueue: Avoid using isolated cpus' timers on (bsc#1231327) * workqueue: mark power efficient workqueue as unbounded if (bsc#1231327) * x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). * x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). * x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). * x86/xen: Convert comma to semicolon (git-fixes). * xen/swiotlb: add alignment check for dma buffers (bsc#1229928). * xen/swiotlb: fix allocated size (git-fixes). 
* xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
* xen: allow mapping ACPI data using a different physical address (bsc#1226003).
* xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
* xen: move checks for e820 conflicts further up (bsc#1226003).
* xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
* xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

      zypper in -t patch SUSE-2024-3587=1 openSUSE-SLE-15.5-2024-3587=1

* Public Cloud Module 15-SP5

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-3587=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64)
    * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.69.1
    * reiserfs-kmp-azure-5.14.21-150500.33.69.1
    * kernel-azure-devel-5.14.21-150500.33.69.1
    * kernel-azure-optional-debuginfo-5.14.21-150500.33.69.1
    * kernel-azure-extra-5.14.21-150500.33.69.1
    * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.69.1
    * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.69.1
    * cluster-md-kmp-azure-5.14.21-150500.33.69.1
    * kernel-azure-debugsource-5.14.21-150500.33.69.1
    * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.69.1
    * dlm-kmp-azure-debuginfo-5.14.21-150500.33.69.1
    * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.69.1
    * kernel-azure-devel-debuginfo-5.14.21-150500.33.69.1
    * ocfs2-kmp-azure-5.14.21-150500.33.69.1
    * gfs2-kmp-azure-5.14.21-150500.33.69.1
    * dlm-kmp-azure-5.14.21-150500.33.69.1
    * kernel-azure-livepatch-devel-5.14.21-150500.33.69.1
    * kernel-syms-azure-5.14.21-150500.33.69.1
    * kernel-azure-debuginfo-5.14.21-150500.33.69.1
    * kernel-azure-extra-debuginfo-5.14.21-150500.33.69.1
    * kernel-azure-optional-5.14.21-150500.33.69.1
    * kselftests-kmp-azure-5.14.21-150500.33.69.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150500.33.69.1
* openSUSE Leap 15.5 (x86_64)
    * kernel-azure-vdso-5.14.21-150500.33.69.1
    * kernel-azure-vdso-debuginfo-5.14.21-150500.33.69.1
* openSUSE Leap 15.5 (noarch)
    * kernel-source-azure-5.14.21-150500.33.69.1
    * kernel-devel-azure-5.14.21-150500.33.69.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150500.33.69.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
    * kernel-syms-azure-5.14.21-150500.33.69.1
    * kernel-azure-devel-5.14.21-150500.33.69.1
    * kernel-azure-debuginfo-5.14.21-150500.33.69.1
    * kernel-azure-debugsource-5.14.21-150500.33.69.1
    * kernel-azure-devel-debuginfo-5.14.21-150500.33.69.1
* Public Cloud Module 15-SP5 (noarch)
    * kernel-source-azure-5.14.21-150500.33.69.1
    * kernel-devel-azure-5.14.21-150500.33.69.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48901.html
* https://www.suse.com/security/cve/CVE-2022-48911.html
* https://www.suse.com/security/cve/CVE-2022-48923.html
* https://www.suse.com/security/cve/CVE-2022-48935.html
* https://www.suse.com/security/cve/CVE-2022-48944.html
* https://www.suse.com/security/cve/CVE-2022-48945.html
* https://www.suse.com/security/cve/CVE-2023-52610.html
* https://www.suse.com/security/cve/CVE-2023-52916.html
* https://www.suse.com/security/cve/CVE-2024-26640.html
* https://www.suse.com/security/cve/CVE-2024-26759.html
* https://www.suse.com/security/cve/CVE-2024-26767.html
* https://www.suse.com/security/cve/CVE-2024-26804.html
* https://www.suse.com/security/cve/CVE-2024-26837.html
* https://www.suse.com/security/cve/CVE-2024-37353.html
* https://www.suse.com/security/cve/CVE-2024-38538.html
* https://www.suse.com/security/cve/CVE-2024-38596.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-40910.html
* https://www.suse.com/security/cve/CVE-2024-40973.html
* https://www.suse.com/security/cve/CVE-2024-40983.html
* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://www.suse.com/security/cve/CVE-2024-41082.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42259.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-42304.html
* https://www.suse.com/security/cve/CVE-2024-42305.html
* https://www.suse.com/security/cve/CVE-2024-42306.html
* https://www.suse.com/security/cve/CVE-2024-43828.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43898.html
* https://www.suse.com/security/cve/CVE-2024-43912.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44935.html
* https://www.suse.com/security/cve/CVE-2024-44944.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44950.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44967.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44970.html
* https://www.suse.com/security/cve/CVE-2024-44971.html
* https://www.suse.com/security/cve/CVE-2024-44977.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44986.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44988.html
* https://www.suse.com/security/cve/CVE-2024-44989.html
* https://www.suse.com/security/cve/CVE-2024-44990.html
* https://www.suse.com/security/cve/CVE-2024-44998.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45000.html
* https://www.suse.com/security/cve/CVE-2024-45001.html
* https://www.suse.com/security/cve/CVE-2024-45003.html
* https://www.suse.com/security/cve/CVE-2024-45006.html
* https://www.suse.com/security/cve/CVE-2024-45007.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-45011.html
* https://www.suse.com/security/cve/CVE-2024-45013.html
* https://www.suse.com/security/cve/CVE-2024-45015.html
* https://www.suse.com/security/cve/CVE-2024-45018.html
* https://www.suse.com/security/cve/CVE-2024-45020.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-45026.html
* https://www.suse.com/security/cve/CVE-2024-45028.html
* https://www.suse.com/security/cve/CVE-2024-45029.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46674.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46678.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46689.html
* https://www.suse.com/security/cve/CVE-2024-46694.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46714.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46717.html
* https://www.suse.com/security/cve/CVE-2024-46720.html
* https://www.suse.com/security/cve/CVE-2024-46721.html
* https://www.suse.com/security/cve/CVE-2024-46722.html
* https://www.suse.com/security/cve/CVE-2024-46723.html
* https://www.suse.com/security/cve/CVE-2024-46724.html
* https://www.suse.com/security/cve/CVE-2024-46725.html
* https://www.suse.com/security/cve/CVE-2024-46726.html
* https://www.suse.com/security/cve/CVE-2024-46728.html
* https://www.suse.com/security/cve/CVE-2024-46730.html
* https://www.suse.com/security/cve/CVE-2024-46731.html
* https://www.suse.com/security/cve/CVE-2024-46732.html
* https://www.suse.com/security/cve/CVE-2024-46737.html
* https://www.suse.com/security/cve/CVE-2024-46738.html
* https://www.suse.com/security/cve/CVE-2024-46739.html
* https://www.suse.com/security/cve/CVE-2024-46743.html
* https://www.suse.com/security/cve/CVE-2024-46744.html
* https://www.suse.com/security/cve/CVE-2024-46745.html
* https://www.suse.com/security/cve/CVE-2024-46746.html
* https://www.suse.com/security/cve/CVE-2024-46747.html
* https://www.suse.com/security/cve/CVE-2024-46750.html
* https://www.suse.com/security/cve/CVE-2024-46751.html
* https://www.suse.com/security/cve/CVE-2024-46752.html
* https://www.suse.com/security/cve/CVE-2024-46753.html
* https://www.suse.com/security/cve/CVE-2024-46755.html
* https://www.suse.com/security/cve/CVE-2024-46756.html
* https://www.suse.com/security/cve/CVE-2024-46758.html
* https://www.suse.com/security/cve/CVE-2024-46759.html
* https://www.suse.com/security/cve/CVE-2024-46761.html
* https://www.suse.com/security/cve/CVE-2024-46770.html
* https://www.suse.com/security/cve/CVE-2024-46771.html
* https://www.suse.com/security/cve/CVE-2024-46773.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://www.suse.com/security/cve/CVE-2024-46775.html
* https://www.suse.com/security/cve/CVE-2024-46780.html
* https://www.suse.com/security/cve/CVE-2024-46781.html
* https://www.suse.com/security/cve/CVE-2024-46783.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2024-46786.html
* https://www.suse.com/security/cve/CVE-2024-46787.html
* https://www.suse.com/security/cve/CVE-2024-46791.html
* https://www.suse.com/security/cve/CVE-2024-46794.html
* https://www.suse.com/security/cve/CVE-2024-46798.html
* https://www.suse.com/security/cve/CVE-2024-46822.html
* https://www.suse.com/security/cve/CVE-2024-46826.html
* https://www.suse.com/security/cve/CVE-2024-46830.html
* https://www.suse.com/security/cve/CVE-2024-46854.html
* https://www.suse.com/security/cve/CVE-2024-46855.html
* https://www.suse.com/security/cve/CVE-2024-46857.html
* https://bugzilla.suse.com/show_bug.cgi?id=1054914
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1199769
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1220382
* https://bugzilla.suse.com/show_bug.cgi?id=1221610
* https://bugzilla.suse.com/show_bug.cgi?id=1221650
* https://bugzilla.suse.com/show_bug.cgi?id=1222629
* https://bugzilla.suse.com/show_bug.cgi?id=1222973
* https://bugzilla.suse.com/show_bug.cgi?id=1223600
* https://bugzilla.suse.com/show_bug.cgi?id=1223848
* https://bugzilla.suse.com/show_bug.cgi?id=1224085
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1226003
* https://bugzilla.suse.com/show_bug.cgi?id=1226606
* https://bugzilla.suse.com/show_bug.cgi?id=1226631
* https://bugzilla.suse.com/show_bug.cgi?id=1226662
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1226846
* https://bugzilla.suse.com/show_bug.cgi?id=1226860
* https://bugzilla.suse.com/show_bug.cgi?id=1226875
* https://bugzilla.suse.com/show_bug.cgi?id=1226915
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227726
* https://bugzilla.suse.com/show_bug.cgi?id=1227819
* https://bugzilla.suse.com/show_bug.cgi?id=1227832
* https://bugzilla.suse.com/show_bug.cgi?id=1227890
* https://bugzilla.suse.com/show_bug.cgi?id=1228507
* https://bugzilla.suse.com/show_bug.cgi?id=1228576
* https://bugzilla.suse.com/show_bug.cgi?id=1228620
* https://bugzilla.suse.com/show_bug.cgi?id=1228747
* https://bugzilla.suse.com/show_bug.cgi?id=1228771
* https://bugzilla.suse.com/show_bug.cgi?id=1229031
* https://bugzilla.suse.com/show_bug.cgi?id=1229034
* https://bugzilla.suse.com/show_bug.cgi?id=1229086
* https://bugzilla.suse.com/show_bug.cgi?id=1229156
* https://bugzilla.suse.com/show_bug.cgi?id=1229334
* https://bugzilla.suse.com/show_bug.cgi?id=1229362
* https://bugzilla.suse.com/show_bug.cgi?id=1229363
* https://bugzilla.suse.com/show_bug.cgi?id=1229364
* https://bugzilla.suse.com/show_bug.cgi?id=1229394
* https://bugzilla.suse.com/show_bug.cgi?id=1229429
* https://bugzilla.suse.com/show_bug.cgi?id=1229453
* https://bugzilla.suse.com/show_bug.cgi?id=1229572
* https://bugzilla.suse.com/show_bug.cgi?id=1229573
* https://bugzilla.suse.com/show_bug.cgi?id=1229585
* https://bugzilla.suse.com/show_bug.cgi?id=1229607
* https://bugzilla.suse.com/show_bug.cgi?id=1229619
* https://bugzilla.suse.com/show_bug.cgi?id=1229633
* https://bugzilla.suse.com/show_bug.cgi?id=1229662
* https://bugzilla.suse.com/show_bug.cgi?id=1229753
* https://bugzilla.suse.com/show_bug.cgi?id=1229764
* https://bugzilla.suse.com/show_bug.cgi?id=1229790
* https://bugzilla.suse.com/show_bug.cgi?id=1229810
* https://bugzilla.suse.com/show_bug.cgi?id=1229830
* https://bugzilla.suse.com/show_bug.cgi?id=1229891
* https://bugzilla.suse.com/show_bug.cgi?id=1229899
* https://bugzilla.suse.com/show_bug.cgi?id=1229928
* https://bugzilla.suse.com/show_bug.cgi?id=1229947
* https://bugzilla.suse.com/show_bug.cgi?id=1230015
* https://bugzilla.suse.com/show_bug.cgi?id=1230055
* https://bugzilla.suse.com/show_bug.cgi?id=1230129
* https://bugzilla.suse.com/show_bug.cgi?id=1230130
* https://bugzilla.suse.com/show_bug.cgi?id=1230170
* https://bugzilla.suse.com/show_bug.cgi?id=1230171
* https://bugzilla.suse.com/show_bug.cgi?id=1230174
* https://bugzilla.suse.com/show_bug.cgi?id=1230175
* https://bugzilla.suse.com/show_bug.cgi?id=1230176
* https://bugzilla.suse.com/show_bug.cgi?id=1230178
* https://bugzilla.suse.com/show_bug.cgi?id=1230180
* https://bugzilla.suse.com/show_bug.cgi?id=1230185
* https://bugzilla.suse.com/show_bug.cgi?id=1230192
* https://bugzilla.suse.com/show_bug.cgi?id=1230193
* https://bugzilla.suse.com/show_bug.cgi?id=1230194
* https://bugzilla.suse.com/show_bug.cgi?id=1230200
* https://bugzilla.suse.com/show_bug.cgi?id=1230204
* https://bugzilla.suse.com/show_bug.cgi?id=1230209
* https://bugzilla.suse.com/show_bug.cgi?id=1230211
* https://bugzilla.suse.com/show_bug.cgi?id=1230217
* https://bugzilla.suse.com/show_bug.cgi?id=1230224
* https://bugzilla.suse.com/show_bug.cgi?id=1230230
* https://bugzilla.suse.com/show_bug.cgi?id=1230233
* https://bugzilla.suse.com/show_bug.cgi?id=1230244
* https://bugzilla.suse.com/show_bug.cgi?id=1230245
* https://bugzilla.suse.com/show_bug.cgi?id=1230247
* https://bugzilla.suse.com/show_bug.cgi?id=1230248
* https://bugzilla.suse.com/show_bug.cgi?id=1230269
* https://bugzilla.suse.com/show_bug.cgi?id=1230289
* https://bugzilla.suse.com/show_bug.cgi?id=1230339
* https://bugzilla.suse.com/show_bug.cgi?id=1230340
* https://bugzilla.suse.com/show_bug.cgi?id=1230392
* https://bugzilla.suse.com/show_bug.cgi?id=1230398
* https://bugzilla.suse.com/show_bug.cgi?id=1230431
* https://bugzilla.suse.com/show_bug.cgi?id=1230433
* https://bugzilla.suse.com/show_bug.cgi?id=1230434
* https://bugzilla.suse.com/show_bug.cgi?id=1230440
* https://bugzilla.suse.com/show_bug.cgi?id=1230442
* https://bugzilla.suse.com/show_bug.cgi?id=1230444
* https://bugzilla.suse.com/show_bug.cgi?id=1230450
* https://bugzilla.suse.com/show_bug.cgi?id=1230451
* https://bugzilla.suse.com/show_bug.cgi?id=1230454
* https://bugzilla.suse.com/show_bug.cgi?id=1230506
* https://bugzilla.suse.com/show_bug.cgi?id=1230507
* https://bugzilla.suse.com/show_bug.cgi?id=1230511
* https://bugzilla.suse.com/show_bug.cgi?id=1230515
* https://bugzilla.suse.com/show_bug.cgi?id=1230517
* https://bugzilla.suse.com/show_bug.cgi?id=1230524
* https://bugzilla.suse.com/show_bug.cgi?id=1230533
* https://bugzilla.suse.com/show_bug.cgi?id=1230535
* https://bugzilla.suse.com/show_bug.cgi?id=1230549
* https://bugzilla.suse.com/show_bug.cgi?id=1230550
* https://bugzilla.suse.com/show_bug.cgi?id=1230556
* https://bugzilla.suse.com/show_bug.cgi?id=1230582
* https://bugzilla.suse.com/show_bug.cgi?id=1230589
* https://bugzilla.suse.com/show_bug.cgi?id=1230591
* https://bugzilla.suse.com/show_bug.cgi?id=1230592
* https://bugzilla.suse.com/show_bug.cgi?id=1230699
* https://bugzilla.suse.com/show_bug.cgi?id=1230700
* https://bugzilla.suse.com/show_bug.cgi?id=1230701
* https://bugzilla.suse.com/show_bug.cgi?id=1230702
* https://bugzilla.suse.com/show_bug.cgi?id=1230703
* https://bugzilla.suse.com/show_bug.cgi?id=1230705
* https://bugzilla.suse.com/show_bug.cgi?id=1230706
* https://bugzilla.suse.com/show_bug.cgi?id=1230709
* https://bugzilla.suse.com/show_bug.cgi?id=1230710
* https://bugzilla.suse.com/show_bug.cgi?id=1230711
* https://bugzilla.suse.com/show_bug.cgi?id=1230712
* https://bugzilla.suse.com/show_bug.cgi?id=1230719
* https://bugzilla.suse.com/show_bug.cgi?id=1230724
* https://bugzilla.suse.com/show_bug.cgi?id=1230725
* https://bugzilla.suse.com/show_bug.cgi?id=1230730
* https://bugzilla.suse.com/show_bug.cgi?id=1230731
* https://bugzilla.suse.com/show_bug.cgi?id=1230732
* https://bugzilla.suse.com/show_bug.cgi?id=1230733
* https://bugzilla.suse.com/show_bug.cgi?id=1230747
* https://bugzilla.suse.com/show_bug.cgi?id=1230748
* https://bugzilla.suse.com/show_bug.cgi?id=1230751
*
https://bugzilla.suse.com/show_bug.cgi?id=1230752 * https://bugzilla.suse.com/show_bug.cgi?id=1230756 * https://bugzilla.suse.com/show_bug.cgi?id=1230761 * https://bugzilla.suse.com/show_bug.cgi?id=1230763 * https://bugzilla.suse.com/show_bug.cgi?id=1230766 * https://bugzilla.suse.com/show_bug.cgi?id=1230767 * https://bugzilla.suse.com/show_bug.cgi?id=1230768 * https://bugzilla.suse.com/show_bug.cgi?id=1230771 * https://bugzilla.suse.com/show_bug.cgi?id=1230774 * https://bugzilla.suse.com/show_bug.cgi?id=1230783 * https://bugzilla.suse.com/show_bug.cgi?id=1230786 * https://bugzilla.suse.com/show_bug.cgi?id=1230791 * https://bugzilla.suse.com/show_bug.cgi?id=1230794 * https://bugzilla.suse.com/show_bug.cgi?id=1230796 * https://bugzilla.suse.com/show_bug.cgi?id=1230802 * https://bugzilla.suse.com/show_bug.cgi?id=1230806 * https://bugzilla.suse.com/show_bug.cgi?id=1230808 * https://bugzilla.suse.com/show_bug.cgi?id=1230810 * https://bugzilla.suse.com/show_bug.cgi?id=1230812 * https://bugzilla.suse.com/show_bug.cgi?id=1230813 * https://bugzilla.suse.com/show_bug.cgi?id=1230814 * https://bugzilla.suse.com/show_bug.cgi?id=1230815 * https://bugzilla.suse.com/show_bug.cgi?id=1230821 * https://bugzilla.suse.com/show_bug.cgi?id=1230825 * https://bugzilla.suse.com/show_bug.cgi?id=1230830 * https://bugzilla.suse.com/show_bug.cgi?id=1231013 * https://bugzilla.suse.com/show_bug.cgi?id=1231017 * https://bugzilla.suse.com/show_bug.cgi?id=1231084 * https://bugzilla.suse.com/show_bug.cgi?id=1231085 * https://bugzilla.suse.com/show_bug.cgi?id=1231087 * https://bugzilla.suse.com/show_bug.cgi?id=1231115 * https://bugzilla.suse.com/show_bug.cgi?id=1231116 * https://bugzilla.suse.com/show_bug.cgi?id=1231120 * https://bugzilla.suse.com/show_bug.cgi?id=1231146 * https://bugzilla.suse.com/show_bug.cgi?id=1231180 * https://bugzilla.suse.com/show_bug.cgi?id=1231181 * https://bugzilla.suse.com/show_bug.cgi?id=1231277 * https://bugzilla.suse.com/show_bug.cgi?id=1231327

From null at suse.de Thu Oct 10 20:32:06 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 10 Oct 2024 20:32:06 -0000
Subject: SUSE-SU-2024:3592-1: important: Security update for the Linux Kernel
Message-ID: <172859232687.7152.13344543182608425836@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3592-1
Release Date: 2024-10-10T16:03:56Z
Rating: important

References: * bsc#1199769 * bsc#1216223 * bsc#1220382 * bsc#1221610 * bsc#1221650 * bsc#1222629 * bsc#1222973 * bsc#1223600 * bsc#1223848 * bsc#1224085 * bsc#1225903 * bsc#1226003 * bsc#1226606 * bsc#1226662 * bsc#1226666 * bsc#1226846 * bsc#1226860 * bsc#1226875 * bsc#1226915 * bsc#1227487 * bsc#1227726 * bsc#1227819 * bsc#1227832 * bsc#1227890 * bsc#1228507 * bsc#1228576 * bsc#1228620 * bsc#1228771 * bsc#1229031 * bsc#1229034 * bsc#1229086 * bsc#1229156 * bsc#1229289 * bsc#1229334 * bsc#1229362 * bsc#1229363 * bsc#1229364 * bsc#1229394 * bsc#1229429 * bsc#1229453 * bsc#1229572 * bsc#1229573 * bsc#1229585 * bsc#1229607 * bsc#1229619 * bsc#1229633 * bsc#1229662 * bsc#1229753 * bsc#1229764 * bsc#1229790 * bsc#1229810 * bsc#1229830 * bsc#1229899 * bsc#1229928 * bsc#1229947 * bsc#1230015 * bsc#1230129 * bsc#1230130 * bsc#1230170 * bsc#1230171 * bsc#1230174 * bsc#1230175 * bsc#1230176 * bsc#1230178 * bsc#1230180 * bsc#1230185 * bsc#1230192 * bsc#1230193 * bsc#1230194 * bsc#1230200 * bsc#1230204 * bsc#1230209 * bsc#1230211 * bsc#1230212 * bsc#1230217 * bsc#1230224 * bsc#1230230 * bsc#1230233 * bsc#1230244 * bsc#1230245 * bsc#1230247 * bsc#1230248 * bsc#1230269 * bsc#1230339 * bsc#1230340 * bsc#1230392 * bsc#1230398 * bsc#1230431 * bsc#1230433 * bsc#1230434 * bsc#1230440 * bsc#1230442 * bsc#1230444 * bsc#1230450 * bsc#1230451 * bsc#1230454 * bsc#1230506 * bsc#1230507 * bsc#1230511 * bsc#1230515 * bsc#1230517 * bsc#1230524 * bsc#1230533 * bsc#1230535 * bsc#1230549 * bsc#1230556 * bsc#1230582 * bsc#1230589 * 
bsc#1230591 * bsc#1230592 * bsc#1230699 * bsc#1230700 * bsc#1230701 * bsc#1230702 * bsc#1230703 * bsc#1230705 * bsc#1230706 * bsc#1230707 * bsc#1230709 * bsc#1230710 * bsc#1230711 * bsc#1230712 * bsc#1230719 * bsc#1230724 * bsc#1230725 * bsc#1230730 * bsc#1230731 * bsc#1230732 * bsc#1230733 * bsc#1230747 * bsc#1230748 * bsc#1230751 * bsc#1230752 * bsc#1230756 * bsc#1230761 * bsc#1230766 * bsc#1230767 * bsc#1230768 * bsc#1230771 * bsc#1230772 * bsc#1230776 * bsc#1230783 * bsc#1230786 * bsc#1230791 * bsc#1230794 * bsc#1230796 * bsc#1230802 * bsc#1230806 * bsc#1230808 * bsc#1230810 * bsc#1230812 * bsc#1230813 * bsc#1230814 * bsc#1230815 * bsc#1230821 * bsc#1230825 * bsc#1230830 * bsc#1231013 * bsc#1231017 * bsc#1231116 * bsc#1231120 * bsc#1231146 * bsc#1231180 * bsc#1231181 Cross-References: * CVE-2022-48901 * CVE-2022-48911 * CVE-2022-48923 * CVE-2022-48935 * CVE-2022-48944 * CVE-2022-48945 * CVE-2023-52610 * CVE-2023-52916 * CVE-2024-26640 * CVE-2024-26759 * CVE-2024-26767 * CVE-2024-26804 * CVE-2024-26837 * CVE-2024-37353 * CVE-2024-38538 * CVE-2024-38596 * CVE-2024-38632 * CVE-2024-40910 * CVE-2024-40973 * CVE-2024-40983 * CVE-2024-41062 * CVE-2024-41082 * CVE-2024-42154 * CVE-2024-42259 * CVE-2024-42265 * CVE-2024-42304 * CVE-2024-42305 * CVE-2024-42306 * CVE-2024-43828 * CVE-2024-43835 * CVE-2024-43890 * CVE-2024-43898 * CVE-2024-43912 * CVE-2024-43914 * CVE-2024-44935 * CVE-2024-44944 * CVE-2024-44946 * CVE-2024-44948 * CVE-2024-44950 * CVE-2024-44952 * CVE-2024-44954 * CVE-2024-44967 * CVE-2024-44969 * CVE-2024-44970 * CVE-2024-44971 * CVE-2024-44972 * CVE-2024-44977 * CVE-2024-44982 * CVE-2024-44986 * CVE-2024-44987 * CVE-2024-44988 * CVE-2024-44989 * CVE-2024-44990 * CVE-2024-44998 * CVE-2024-44999 * CVE-2024-45000 * CVE-2024-45001 * CVE-2024-45003 * CVE-2024-45006 * CVE-2024-45007 * CVE-2024-45008 * CVE-2024-45011 * CVE-2024-45013 * CVE-2024-45015 * CVE-2024-45018 * CVE-2024-45020 * CVE-2024-45021 * CVE-2024-45026 * CVE-2024-45028 * CVE-2024-45029 * 
CVE-2024-46673 * CVE-2024-46674 * CVE-2024-46675 * CVE-2024-46676 * CVE-2024-46677 * CVE-2024-46679 * CVE-2024-46685 * CVE-2024-46686 * CVE-2024-46689 * CVE-2024-46694 * CVE-2024-46702 * CVE-2024-46707 * CVE-2024-46714 * CVE-2024-46715 * CVE-2024-46717 * CVE-2024-46720 * CVE-2024-46721 * CVE-2024-46722 * CVE-2024-46723 * CVE-2024-46724 * CVE-2024-46725 * CVE-2024-46726 * CVE-2024-46727 * CVE-2024-46728 * CVE-2024-46730 * CVE-2024-46731 * CVE-2024-46732 * CVE-2024-46737 * CVE-2024-46738 * CVE-2024-46739 * CVE-2024-46743 * CVE-2024-46744 * CVE-2024-46745 * CVE-2024-46746 * CVE-2024-46747 * CVE-2024-46750 * CVE-2024-46751 * CVE-2024-46752 * CVE-2024-46753 * CVE-2024-46755 * CVE-2024-46756 * CVE-2024-46758 * CVE-2024-46759 * CVE-2024-46761 * CVE-2024-46771 * CVE-2024-46772 * CVE-2024-46773 * CVE-2024-46774 * CVE-2024-46778 * CVE-2024-46780 * CVE-2024-46781 * CVE-2024-46783 * CVE-2024-46784 * CVE-2024-46786 * CVE-2024-46787 * CVE-2024-46791 * CVE-2024-46794 * CVE-2024-46798 * CVE-2024-46822 * CVE-2024-46830 CVSS scores: * CVE-2022-48901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48911 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48923 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-48923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48944 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-48944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52610 ( SUSE 
): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26767 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-26767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26837 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-37353 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38596 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38632 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40910 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40910 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-40973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40973 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-42259 ( SUSE ): 6.9 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42259 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-42259 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-42304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43828 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43890 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43890 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43890 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43912 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-43912 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-43912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-43914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44935 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44944 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44946 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44950 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44954 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44967 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44967 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44969 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44970 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44971 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44972 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-44977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44977 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44982 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44986 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-44987 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44988 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44989 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44998 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-44999 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44999 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-45000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45003 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45011 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45013 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45020 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45026 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45029 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46673 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46673 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46674 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46675 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L * CVE-2024-46675 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-46675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46676 ( SUSE ): 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-46676 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-46676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * 
CVE-2024-46677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46679 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46679 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46685 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46686 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2024-46702 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46714 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46721 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46722 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46723 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46723 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46724 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46724 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46725 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46730 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46731 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46732 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46737 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46737 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46738 ( SUSE ): 
8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-46738 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46739 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-46739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46743 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46743 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46744 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46746 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46746 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46747 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-46747 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46750 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46750 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46750 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46751 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46752 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46753 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46756 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46756 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46758 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46758 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46759 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-46759 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-46759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46761 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46761 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46761 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46773 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46773 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46783 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46786 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46786 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-46786 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-46787 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46791 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46794 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-46794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-46798 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-46798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46798 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2024-46822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * openSUSE Leap Micro 5.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 130 vulnerabilities and has 34 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). * CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). * CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) * CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) * CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). * CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). * CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). * CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). * CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). * CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). * CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). * CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). 
* CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
* CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
* CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
* CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
* CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
* CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
* CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
* CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
* CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
* CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
* CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
* CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
* CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
* CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
* CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
* CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
* CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
* CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
* CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
* CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
* CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
* CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
* CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
* CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
* CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
* CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
* CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
* CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
* CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
* CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
* CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
* CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
* CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
* CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
* CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
* CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
* CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
* CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
* CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
* CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
* CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
* CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
* CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
* CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
* CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
* CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
* CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
* CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
* CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
* CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
* CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
* CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
* CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
* CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
* CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
* CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
* CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
* CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
* CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
* CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
* CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
* CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
* CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
* CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).

The following non-security bugs were fixed:

* ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
* ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
* ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
* ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
* ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
* ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
* ACPI: sysfs: validate return type of _STR method (git-fixes).
* af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
* af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
* af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
* ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
* ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
* ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
* ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
* ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
* apparmor: fix possible NULL pointer dereference (stable-fixes).
* arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
* arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
* arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
* arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
* arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
* arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
* arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
* arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
* arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
* ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
* ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
* ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
* ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
* ASoC: tegra: Fix CBB error during probe() (git-fixes).
* ASoC: topology: Properly initialize soc_enum values (stable-fixes).
* ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
* ata: pata_macio: Use WARN instead of BUG (stable-fixes).
* blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
* blk-mq: add number of queue calc helper (bsc#1229034).
* blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
* blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
* blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
* blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
* blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
* Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
* Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
* Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
* Bluetooth: L2CAP: Fix deadlock (git-fixes).
* Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
* cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
* cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
* can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
* can: bcm: Remove proc entry when dev is unregistered (git-fixes).
* can: j1939: use correct function name in comment (git-fixes).
* can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
* cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
* ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
* char: xillybus: Check USB endpoints when probing device (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
* clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
* clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
* cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
* crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
* crypto: virtio - Handle dataq logic with tasklet (git-fixes).
* crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
* crypto: xor - fix template benchmarking (git-fixes).
* devres: Initialize an uninitialized struct member (stable-fixes).
* driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
* driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
* driver core: Create __fwnode_link_del() helper function (git-fixes).
* driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
* driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
* driver core: Set deferred probe reason when deferred by driver core (git-fixes).
* drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
* Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
* Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
* drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
* drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
* drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
* drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
* drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
* drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
* drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
* drm/amd/display: Check denominator pbn_div before used (stable-fixes).
* drm/amd/display: Check gpio_id before used as array index (stable-fixes).
* drm/amd/display: Check HDCP returned status (stable-fixes).
* drm/amd/display: Check msg_id before processing transcation (stable-fixes).
* drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
* drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
* drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
* drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
* drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
* drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
* drm/amd/display: Spinlock before reading event (stable-fixes).
* drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
* drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
* drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
* drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
* drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
* drm/amdgpu: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: fix dereference after null check (stable-fixes).
* drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
* drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
* drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
* drm/amdgpu: fix overflowed array index read warning (stable-fixes).
* drm/amdgpu: Fix smatch static checker warning (stable-fixes).
* drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
* drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
* drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
* drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
* drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
* drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
* drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
* drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
* drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
* drm/amd/pm: check negtive return for table entries (stable-fixes).
* drm/amd/pm: check specific index for aldebaran (stable-fixes).
* drm/amd/pm: Fix negative array index read (stable-fixes).
* drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
* drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
* drm/amd/pm: fix uninitialized variable warning (stable-fixes).
* drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
* drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
* drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
* drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
* drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
* drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
* drm/meson: plane: Add error handling (stable-fixes).
* drm/msm/a5xx: disable preemption in submits by default (git-fixes).
* drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
* drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
* drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
* drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
* drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
* drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
* drm/msm: fix %s null argument error (git-fixes).
* drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
* drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
* drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
* drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
* drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
* drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
* exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
* fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
* filemap: remove use of wait bookmarks (bsc#1224085).
* firmware_loader: Block path traversal (git-fixes).
* fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
* fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
* fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
* genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
* genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
* genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
* genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
* genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
* genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
* genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
* gfs2: setattr_chown: Add missing initialization (git-fixes).
* HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
* HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
* hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
* hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
* hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
* hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
* hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
* hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
* hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
* i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
* i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
* i2c: isch: Add missed 'else' (git-fixes).
* i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
* i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
* i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
* IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
* IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
* iio: adc: ad7124: fix chip ID mismatch (git-fixes).
* iio: adc: ad7124: fix config comparison (git-fixes).
* iio: adc: ad7606: fix oversampling gpio array (git-fixes).
* iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
* iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
* iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
* iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
* iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
* Input: ilitek_ts_i2c - add report id message validation (git-fixes).
* Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
* Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
* Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
* ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
* ipmi:ssif: Improve detecting during probing (bsc#1228771)
* jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
* kabi: add __nf_queue_get_refs() for kabi compliance.
* kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
* kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
* lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
* lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
* lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
* lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
* mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
* mailbox: rockchip: fix a typo in module autoloading (git-fixes).
* media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
* media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
* media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
* media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (git-fixes).
* media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
* media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
* media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
* media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
* media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
* media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
* media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
* mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
* mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
* mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
* mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
* mtd: slram: insert break after errors in parsing the map (git-fixes).
* net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
* net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
* net: missing check virtio (git-fixes).
* net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
* nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
* NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
* NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
* NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
* NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
* NFS: Reduce use of uncached readdir (bsc#1226662).
* NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
* nilfs2: Constify struct kobj_type (git-fixes).
* nilfs2: determine empty node blocks as corrupted (git-fixes).
* nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
* nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
* nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
* nilfs2: fix state management in error path of log writing function (git-fixes).
* nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
* nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
* nilfs2: use default_groups in kobj_type (git-fixes).
* nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
* nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
* nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
* nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
* nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
* nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
* nvmet-tcp: do not continue for invalid icreq (git-fixes).
* nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
* nvmet-trace: avoid dereferencing pointer too early (git-fixes).
* ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
* ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
* ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
* ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
* PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
* PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
* PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
* PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
* PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
* PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
* PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
* PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
* PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
* pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
* PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
* PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
* PCI: Support BAR sizes up to 8TB (bsc#1231017)
* PCI: Wait for Link before restoring Downstream Buses (git-fixes).
* PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
* PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
* PCI: xilinx-nwl: Fix register misspelling (git-fixes).
* pcmcia: Use resource_size function on resource object (stable-fixes).
* pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
* pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
* PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
* platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
* platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
* platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
* power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
* power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
* power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
* power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
* RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
* RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
* RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
* RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
* RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
* RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
* RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
* RDMA/hns: Optimize hem allocation performance (git-fixes)
* RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
* RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
* RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
* RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
* RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
* Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
* Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (git-fixes).
* Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (stable-fixes).
* rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
* scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
* scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
* scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
* scsi: lpfc: Fix overflow build issue (bsc#1229429).
* scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
* scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
* scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
* scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
* scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
* scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
* scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
* scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
* scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
* scsi: use block layer helpers to calculate num of queues (bsc#1229034).
* spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
* Squashfs: sanity check symbolic link size (git-fixes).
* staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
* thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
* tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
* tools/virtio: fix build (git-fixes).
* tpm: Clean up TPM space after command failure (git-fixes).
* tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
* tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
* udp: fix receiving fraglist GSO packets (git-fixes).
* uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
* usb: cdnsp: Fix incorrect usb_request status (git-fixes).
* USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
* usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
* usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
* usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
* usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
* usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
* usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
* usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
* usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
* usbip: Do not submit special requests twice (stable-fixes).
* usbnet: fix cyclical race on disconnect with work queue (git-fixes).
* usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
* usbnet: modern method to get random MAC (git-fixes).
* USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
* USB: serial: option: add MeiG Smart SRM825L (git-fixes).
* usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
* usb: uas: set host status byte on data completion error (git-fixes).
* usb: uas: set host status byte on data completion error (stable-fixes).
* USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
* usb: xhci: fix loss of data on Cadence xHC (git-fixes).
* vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
* vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
* virito: add APIs for retrieving vq affinity (bsc#1229034).
* virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
* virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
* virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
* virtiofs: forbid newlines in tags (bsc#1230591).
* virtio_net: checksum offloading handling fix (git-fixes).
* virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into a region of size 10" warnings (git-fixes).
* virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
* virtio: reenable config if freezing device failed (git-fixes).
* virtio/vsock: fix logic which reduces credit update messages (git-fixes).
* VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
* vsock/virtio: add support for device suspend/resume (git-fixes).
* vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
* vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
* vsock/virtio: remove socket from connected/bound list on shutdown (git- fixes). * watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). * wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). * wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git- fixes). * wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). * wifi: iwlwifi: mvm: increase the time between ranging measurements (git- fixes). * wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git- fixes). * wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). * wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git- fixes). * wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). * wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). * wifi: rtw88: always wait for both firmware loading attempts (git-fixes). * wifi: rtw88: remove CPT execution branch never used (git-fixes). * wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). * x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). * x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). * x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). * x86/xen: Convert comma to semicolon (git-fixes). * xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). * xen: allow mapping ACPI data using a different physical address (bsc#1226003). * xen: introduce generic helper checking for memory map conflicts (bsc#1226003). * xen: move checks for e820 conflicts further up (bsc#1226003). * xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). * xen/swiotlb: add alignment check for dma buffers (bsc#1229928). * xen/swiotlb: fix allocated size (git-fixes). * xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). 
* xen: use correct end address of kernel for conflict checking (bsc#1226003).
* xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
* xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
* xz: cleanup CRC32 edits from 2018 (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3592=1 SUSE-2024-3592=1
* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3592=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-3592=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3592=1
* SUSE Real Time Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-3592=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.73.1
  * kernel-devel-rt-5.14.21-150500.13.73.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-syms-rt-5.14.21-150500.13.73.1
  * kernel-livepatch-SLE15-SP5-RT_Update_21-debugsource-1-150500.11.3.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.73.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * dlm-kmp-rt-5.14.21-150500.13.73.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-livepatch-5.14.21-150500.13.73.1
  * kselftests-kmp-rt-5.14.21-150500.13.73.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.73.1
  * kernel-livepatch-5_14_21-150500_13_73-rt-1-150500.11.3.1
  * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.73.1
  * kernel-rt-optional-5.14.21-150500.13.73.1
  * kernel-livepatch-5_14_21-150500_13_73-rt-debuginfo-1-150500.11.3.1
  * kernel-rt-debugsource-5.14.21-150500.13.73.1
  * kernel-rt-devel-5.14.21-150500.13.73.1
  * kernel-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.73.1
  * reiserfs-kmp-rt-5.14.21-150500.13.73.1
  * kernel-rt-vdso-5.14.21-150500.13.73.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * cluster-md-kmp-rt-5.14.21-150500.13.73.1
  * kernel-rt_debug-devel-5.14.21-150500.13.73.1
  * gfs2-kmp-rt-5.14.21-150500.13.73.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.73.1
  * ocfs2-kmp-rt-5.14.21-150500.13.73.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.73.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.73.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-extra-5.14.21-150500.13.73.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.73.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt_debug-5.14.21-150500.13.73.1
  * kernel-rt-5.14.21-150500.13.73.1
* openSUSE Leap Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.73.1
* openSUSE Leap Micro 5.5 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-debugsource-5.14.21-150500.13.73.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.73.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-debugsource-5.14.21-150500.13.73.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.73.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-SLE15-SP5-RT_Update_21-debugsource-1-150500.11.3.1
  * kernel-livepatch-5_14_21-150500_13_73-rt-1-150500.11.3.1
  * kernel-livepatch-5_14_21-150500_13_73-rt-debuginfo-1-150500.11.3.1
* SUSE Real Time Module 15-SP5 (x86_64)
  * kernel-syms-rt-5.14.21-150500.13.73.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.73.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * dlm-kmp-rt-5.14.21-150500.13.73.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-debugsource-5.14.21-150500.13.73.1
  * kernel-rt-devel-5.14.21-150500.13.73.1
  * kernel-rt-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.73.1
  * kernel-rt-vdso-5.14.21-150500.13.73.1
  * cluster-md-kmp-rt-5.14.21-150500.13.73.1
  * kernel-rt_debug-devel-5.14.21-150500.13.73.1
  * gfs2-kmp-rt-5.14.21-150500.13.73.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.73.1
  * ocfs2-kmp-rt-5.14.21-150500.13.73.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.73.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.73.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.73.1
* SUSE Real Time Module 15-SP5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.73.1
  * kernel-devel-rt-5.14.21-150500.13.73.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
  * kernel-rt_debug-5.14.21-150500.13.73.1
  * kernel-rt-5.14.21-150500.13.73.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48901.html
* https://www.suse.com/security/cve/CVE-2022-48911.html
* https://www.suse.com/security/cve/CVE-2022-48923.html
* https://www.suse.com/security/cve/CVE-2022-48935.html
* https://www.suse.com/security/cve/CVE-2022-48944.html
* https://www.suse.com/security/cve/CVE-2022-48945.html
* https://www.suse.com/security/cve/CVE-2023-52610.html
* https://www.suse.com/security/cve/CVE-2023-52916.html
* https://www.suse.com/security/cve/CVE-2024-26640.html
* https://www.suse.com/security/cve/CVE-2024-26759.html
* https://www.suse.com/security/cve/CVE-2024-26767.html
* https://www.suse.com/security/cve/CVE-2024-26804.html
* https://www.suse.com/security/cve/CVE-2024-26837.html
* https://www.suse.com/security/cve/CVE-2024-37353.html
* https://www.suse.com/security/cve/CVE-2024-38538.html
* https://www.suse.com/security/cve/CVE-2024-38596.html
* https://www.suse.com/security/cve/CVE-2024-38632.html
* https://www.suse.com/security/cve/CVE-2024-40910.html
* https://www.suse.com/security/cve/CVE-2024-40973.html
* https://www.suse.com/security/cve/CVE-2024-40983.html
* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://www.suse.com/security/cve/CVE-2024-41082.html
* https://www.suse.com/security/cve/CVE-2024-42154.html
* https://www.suse.com/security/cve/CVE-2024-42259.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-42304.html
* https://www.suse.com/security/cve/CVE-2024-42305.html
* https://www.suse.com/security/cve/CVE-2024-42306.html
* https://www.suse.com/security/cve/CVE-2024-43828.html
* https://www.suse.com/security/cve/CVE-2024-43835.html
* https://www.suse.com/security/cve/CVE-2024-43890.html
* https://www.suse.com/security/cve/CVE-2024-43898.html
* https://www.suse.com/security/cve/CVE-2024-43912.html
* https://www.suse.com/security/cve/CVE-2024-43914.html
* https://www.suse.com/security/cve/CVE-2024-44935.html
* https://www.suse.com/security/cve/CVE-2024-44944.html
* https://www.suse.com/security/cve/CVE-2024-44946.html
* https://www.suse.com/security/cve/CVE-2024-44948.html
* https://www.suse.com/security/cve/CVE-2024-44950.html
* https://www.suse.com/security/cve/CVE-2024-44952.html
* https://www.suse.com/security/cve/CVE-2024-44954.html
* https://www.suse.com/security/cve/CVE-2024-44967.html
* https://www.suse.com/security/cve/CVE-2024-44969.html
* https://www.suse.com/security/cve/CVE-2024-44970.html
* https://www.suse.com/security/cve/CVE-2024-44971.html
* https://www.suse.com/security/cve/CVE-2024-44972.html
* https://www.suse.com/security/cve/CVE-2024-44977.html
* https://www.suse.com/security/cve/CVE-2024-44982.html
* https://www.suse.com/security/cve/CVE-2024-44986.html
* https://www.suse.com/security/cve/CVE-2024-44987.html
* https://www.suse.com/security/cve/CVE-2024-44988.html
* https://www.suse.com/security/cve/CVE-2024-44989.html
* https://www.suse.com/security/cve/CVE-2024-44990.html
* https://www.suse.com/security/cve/CVE-2024-44998.html
* https://www.suse.com/security/cve/CVE-2024-44999.html
* https://www.suse.com/security/cve/CVE-2024-45000.html
* https://www.suse.com/security/cve/CVE-2024-45001.html
* https://www.suse.com/security/cve/CVE-2024-45003.html
* https://www.suse.com/security/cve/CVE-2024-45006.html
* https://www.suse.com/security/cve/CVE-2024-45007.html
* https://www.suse.com/security/cve/CVE-2024-45008.html
* https://www.suse.com/security/cve/CVE-2024-45011.html
* https://www.suse.com/security/cve/CVE-2024-45013.html
* https://www.suse.com/security/cve/CVE-2024-45015.html
* https://www.suse.com/security/cve/CVE-2024-45018.html
* https://www.suse.com/security/cve/CVE-2024-45020.html
* https://www.suse.com/security/cve/CVE-2024-45021.html
* https://www.suse.com/security/cve/CVE-2024-45026.html
* https://www.suse.com/security/cve/CVE-2024-45028.html
* https://www.suse.com/security/cve/CVE-2024-45029.html
* https://www.suse.com/security/cve/CVE-2024-46673.html
* https://www.suse.com/security/cve/CVE-2024-46674.html
* https://www.suse.com/security/cve/CVE-2024-46675.html
* https://www.suse.com/security/cve/CVE-2024-46676.html
* https://www.suse.com/security/cve/CVE-2024-46677.html
* https://www.suse.com/security/cve/CVE-2024-46679.html
* https://www.suse.com/security/cve/CVE-2024-46685.html
* https://www.suse.com/security/cve/CVE-2024-46686.html
* https://www.suse.com/security/cve/CVE-2024-46689.html
* https://www.suse.com/security/cve/CVE-2024-46694.html
* https://www.suse.com/security/cve/CVE-2024-46702.html
* https://www.suse.com/security/cve/CVE-2024-46707.html
* https://www.suse.com/security/cve/CVE-2024-46714.html
* https://www.suse.com/security/cve/CVE-2024-46715.html
* https://www.suse.com/security/cve/CVE-2024-46717.html
* https://www.suse.com/security/cve/CVE-2024-46720.html
* https://www.suse.com/security/cve/CVE-2024-46721.html
* https://www.suse.com/security/cve/CVE-2024-46722.html
* https://www.suse.com/security/cve/CVE-2024-46723.html
* https://www.suse.com/security/cve/CVE-2024-46724.html
* https://www.suse.com/security/cve/CVE-2024-46725.html
* https://www.suse.com/security/cve/CVE-2024-46726.html
* https://www.suse.com/security/cve/CVE-2024-46727.html
* https://www.suse.com/security/cve/CVE-2024-46728.html
* https://www.suse.com/security/cve/CVE-2024-46730.html
* https://www.suse.com/security/cve/CVE-2024-46731.html
* https://www.suse.com/security/cve/CVE-2024-46732.html
* https://www.suse.com/security/cve/CVE-2024-46737.html
* https://www.suse.com/security/cve/CVE-2024-46738.html
* https://www.suse.com/security/cve/CVE-2024-46739.html
* https://www.suse.com/security/cve/CVE-2024-46743.html
* https://www.suse.com/security/cve/CVE-2024-46744.html
* https://www.suse.com/security/cve/CVE-2024-46745.html
* https://www.suse.com/security/cve/CVE-2024-46746.html
* https://www.suse.com/security/cve/CVE-2024-46747.html
* https://www.suse.com/security/cve/CVE-2024-46750.html
* https://www.suse.com/security/cve/CVE-2024-46751.html
* https://www.suse.com/security/cve/CVE-2024-46752.html
* https://www.suse.com/security/cve/CVE-2024-46753.html
* https://www.suse.com/security/cve/CVE-2024-46755.html
* https://www.suse.com/security/cve/CVE-2024-46756.html
* https://www.suse.com/security/cve/CVE-2024-46758.html
* https://www.suse.com/security/cve/CVE-2024-46759.html
* https://www.suse.com/security/cve/CVE-2024-46761.html
* https://www.suse.com/security/cve/CVE-2024-46771.html
* https://www.suse.com/security/cve/CVE-2024-46772.html
* https://www.suse.com/security/cve/CVE-2024-46773.html
* https://www.suse.com/security/cve/CVE-2024-46774.html
* https://www.suse.com/security/cve/CVE-2024-46778.html
* https://www.suse.com/security/cve/CVE-2024-46780.html
* https://www.suse.com/security/cve/CVE-2024-46781.html
* https://www.suse.com/security/cve/CVE-2024-46783.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2024-46786.html
* https://www.suse.com/security/cve/CVE-2024-46787.html
* https://www.suse.com/security/cve/CVE-2024-46791.html
* https://www.suse.com/security/cve/CVE-2024-46794.html
* https://www.suse.com/security/cve/CVE-2024-46798.html
* https://www.suse.com/security/cve/CVE-2024-46822.html
* https://www.suse.com/security/cve/CVE-2024-46830.html
* https://bugzilla.suse.com/show_bug.cgi?id=1199769
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1220382
* https://bugzilla.suse.com/show_bug.cgi?id=1221610
* https://bugzilla.suse.com/show_bug.cgi?id=1221650
* https://bugzilla.suse.com/show_bug.cgi?id=1222629
* https://bugzilla.suse.com/show_bug.cgi?id=1222973
* https://bugzilla.suse.com/show_bug.cgi?id=1223600
* https://bugzilla.suse.com/show_bug.cgi?id=1223848
* https://bugzilla.suse.com/show_bug.cgi?id=1224085
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1226003
* https://bugzilla.suse.com/show_bug.cgi?id=1226606
* https://bugzilla.suse.com/show_bug.cgi?id=1226662
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1226846
* https://bugzilla.suse.com/show_bug.cgi?id=1226860
* https://bugzilla.suse.com/show_bug.cgi?id=1226875
* https://bugzilla.suse.com/show_bug.cgi?id=1226915
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227726
* https://bugzilla.suse.com/show_bug.cgi?id=1227819
* https://bugzilla.suse.com/show_bug.cgi?id=1227832
* https://bugzilla.suse.com/show_bug.cgi?id=1227890
* https://bugzilla.suse.com/show_bug.cgi?id=1228507
* https://bugzilla.suse.com/show_bug.cgi?id=1228576
* https://bugzilla.suse.com/show_bug.cgi?id=1228620
* https://bugzilla.suse.com/show_bug.cgi?id=1228771
* https://bugzilla.suse.com/show_bug.cgi?id=1229031
* https://bugzilla.suse.com/show_bug.cgi?id=1229034
* https://bugzilla.suse.com/show_bug.cgi?id=1229086
* https://bugzilla.suse.com/show_bug.cgi?id=1229156
* https://bugzilla.suse.com/show_bug.cgi?id=1229289
* https://bugzilla.suse.com/show_bug.cgi?id=1229334
* https://bugzilla.suse.com/show_bug.cgi?id=1229362
* https://bugzilla.suse.com/show_bug.cgi?id=1229363
* https://bugzilla.suse.com/show_bug.cgi?id=1229364
* https://bugzilla.suse.com/show_bug.cgi?id=1229394
* https://bugzilla.suse.com/show_bug.cgi?id=1229429
* https://bugzilla.suse.com/show_bug.cgi?id=1229453
* https://bugzilla.suse.com/show_bug.cgi?id=1229572
* https://bugzilla.suse.com/show_bug.cgi?id=1229573
* https://bugzilla.suse.com/show_bug.cgi?id=1229585
* https://bugzilla.suse.com/show_bug.cgi?id=1229607
* https://bugzilla.suse.com/show_bug.cgi?id=1229619
* https://bugzilla.suse.com/show_bug.cgi?id=1229633
* https://bugzilla.suse.com/show_bug.cgi?id=1229662
* https://bugzilla.suse.com/show_bug.cgi?id=1229753
* https://bugzilla.suse.com/show_bug.cgi?id=1229764
* https://bugzilla.suse.com/show_bug.cgi?id=1229790
* https://bugzilla.suse.com/show_bug.cgi?id=1229810
* https://bugzilla.suse.com/show_bug.cgi?id=1229830
* https://bugzilla.suse.com/show_bug.cgi?id=1229899
* https://bugzilla.suse.com/show_bug.cgi?id=1229928
* https://bugzilla.suse.com/show_bug.cgi?id=1229947
* https://bugzilla.suse.com/show_bug.cgi?id=1230015
* https://bugzilla.suse.com/show_bug.cgi?id=1230129
* https://bugzilla.suse.com/show_bug.cgi?id=1230130
* https://bugzilla.suse.com/show_bug.cgi?id=1230170
* https://bugzilla.suse.com/show_bug.cgi?id=1230171
* https://bugzilla.suse.com/show_bug.cgi?id=1230174
* https://bugzilla.suse.com/show_bug.cgi?id=1230175
* https://bugzilla.suse.com/show_bug.cgi?id=1230176
* https://bugzilla.suse.com/show_bug.cgi?id=1230178
* https://bugzilla.suse.com/show_bug.cgi?id=1230180
* https://bugzilla.suse.com/show_bug.cgi?id=1230185
* https://bugzilla.suse.com/show_bug.cgi?id=1230192
* https://bugzilla.suse.com/show_bug.cgi?id=1230193
* https://bugzilla.suse.com/show_bug.cgi?id=1230194
* https://bugzilla.suse.com/show_bug.cgi?id=1230200
* https://bugzilla.suse.com/show_bug.cgi?id=1230204
* https://bugzilla.suse.com/show_bug.cgi?id=1230209
* https://bugzilla.suse.com/show_bug.cgi?id=1230211
* https://bugzilla.suse.com/show_bug.cgi?id=1230212
* https://bugzilla.suse.com/show_bug.cgi?id=1230217
* https://bugzilla.suse.com/show_bug.cgi?id=1230224
* https://bugzilla.suse.com/show_bug.cgi?id=1230230
* https://bugzilla.suse.com/show_bug.cgi?id=1230233
* https://bugzilla.suse.com/show_bug.cgi?id=1230244
* https://bugzilla.suse.com/show_bug.cgi?id=1230245
* https://bugzilla.suse.com/show_bug.cgi?id=1230247
* https://bugzilla.suse.com/show_bug.cgi?id=1230248
* https://bugzilla.suse.com/show_bug.cgi?id=1230269
* https://bugzilla.suse.com/show_bug.cgi?id=1230339
* https://bugzilla.suse.com/show_bug.cgi?id=1230340
* https://bugzilla.suse.com/show_bug.cgi?id=1230392
* https://bugzilla.suse.com/show_bug.cgi?id=1230398
* https://bugzilla.suse.com/show_bug.cgi?id=1230431
* https://bugzilla.suse.com/show_bug.cgi?id=1230433
* https://bugzilla.suse.com/show_bug.cgi?id=1230434
* https://bugzilla.suse.com/show_bug.cgi?id=1230440
* https://bugzilla.suse.com/show_bug.cgi?id=1230442
* https://bugzilla.suse.com/show_bug.cgi?id=1230444
* https://bugzilla.suse.com/show_bug.cgi?id=1230450
* https://bugzilla.suse.com/show_bug.cgi?id=1230451
* https://bugzilla.suse.com/show_bug.cgi?id=1230454
* https://bugzilla.suse.com/show_bug.cgi?id=1230506
* https://bugzilla.suse.com/show_bug.cgi?id=1230507
* https://bugzilla.suse.com/show_bug.cgi?id=1230511
* https://bugzilla.suse.com/show_bug.cgi?id=1230515
* https://bugzilla.suse.com/show_bug.cgi?id=1230517
* https://bugzilla.suse.com/show_bug.cgi?id=1230524
* https://bugzilla.suse.com/show_bug.cgi?id=1230533
* https://bugzilla.suse.com/show_bug.cgi?id=1230535
* https://bugzilla.suse.com/show_bug.cgi?id=1230549
* https://bugzilla.suse.com/show_bug.cgi?id=1230556
* https://bugzilla.suse.com/show_bug.cgi?id=1230582
* https://bugzilla.suse.com/show_bug.cgi?id=1230589
* https://bugzilla.suse.com/show_bug.cgi?id=1230591
* https://bugzilla.suse.com/show_bug.cgi?id=1230592
* https://bugzilla.suse.com/show_bug.cgi?id=1230699
* https://bugzilla.suse.com/show_bug.cgi?id=1230700
* https://bugzilla.suse.com/show_bug.cgi?id=1230701
* https://bugzilla.suse.com/show_bug.cgi?id=1230702
* https://bugzilla.suse.com/show_bug.cgi?id=1230703
* https://bugzilla.suse.com/show_bug.cgi?id=1230705
* https://bugzilla.suse.com/show_bug.cgi?id=1230706
* https://bugzilla.suse.com/show_bug.cgi?id=1230707
* https://bugzilla.suse.com/show_bug.cgi?id=1230709
* https://bugzilla.suse.com/show_bug.cgi?id=1230710
* https://bugzilla.suse.com/show_bug.cgi?id=1230711
* https://bugzilla.suse.com/show_bug.cgi?id=1230712
* https://bugzilla.suse.com/show_bug.cgi?id=1230719
* https://bugzilla.suse.com/show_bug.cgi?id=1230724
* https://bugzilla.suse.com/show_bug.cgi?id=1230725
* https://bugzilla.suse.com/show_bug.cgi?id=1230730
* https://bugzilla.suse.com/show_bug.cgi?id=1230731
* https://bugzilla.suse.com/show_bug.cgi?id=1230732
* https://bugzilla.suse.com/show_bug.cgi?id=1230733
* https://bugzilla.suse.com/show_bug.cgi?id=1230747
* https://bugzilla.suse.com/show_bug.cgi?id=1230748
* https://bugzilla.suse.com/show_bug.cgi?id=1230751
* https://bugzilla.suse.com/show_bug.cgi?id=1230752
* https://bugzilla.suse.com/show_bug.cgi?id=1230756
* https://bugzilla.suse.com/show_bug.cgi?id=1230761
* https://bugzilla.suse.com/show_bug.cgi?id=1230766
* https://bugzilla.suse.com/show_bug.cgi?id=1230767
* https://bugzilla.suse.com/show_bug.cgi?id=1230768
* https://bugzilla.suse.com/show_bug.cgi?id=1230771
* https://bugzilla.suse.com/show_bug.cgi?id=1230772
* https://bugzilla.suse.com/show_bug.cgi?id=1230776
* https://bugzilla.suse.com/show_bug.cgi?id=1230783
* https://bugzilla.suse.com/show_bug.cgi?id=1230786
* https://bugzilla.suse.com/show_bug.cgi?id=1230791
* https://bugzilla.suse.com/show_bug.cgi?id=1230794
* https://bugzilla.suse.com/show_bug.cgi?id=1230796
* https://bugzilla.suse.com/show_bug.cgi?id=1230802
* https://bugzilla.suse.com/show_bug.cgi?id=1230806
* https://bugzilla.suse.com/show_bug.cgi?id=1230808
* https://bugzilla.suse.com/show_bug.cgi?id=1230810
* https://bugzilla.suse.com/show_bug.cgi?id=1230812
* https://bugzilla.suse.com/show_bug.cgi?id=1230813
* https://bugzilla.suse.com/show_bug.cgi?id=1230814
* https://bugzilla.suse.com/show_bug.cgi?id=1230815
* https://bugzilla.suse.com/show_bug.cgi?id=1230821
* https://bugzilla.suse.com/show_bug.cgi?id=1230825
* https://bugzilla.suse.com/show_bug.cgi?id=1230830
* https://bugzilla.suse.com/show_bug.cgi?id=1231013
* https://bugzilla.suse.com/show_bug.cgi?id=1231017
* https://bugzilla.suse.com/show_bug.cgi?id=1231116
* https://bugzilla.suse.com/show_bug.cgi?id=1231120
* https://bugzilla.suse.com/show_bug.cgi?id=1231146
* https://bugzilla.suse.com/show_bug.cgi?id=1231180
* https://bugzilla.suse.com/show_bug.cgi?id=1231181

From null at suse.de Fri Oct 11 12:30:24 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 11 Oct 2024 12:30:24 -0000
Subject: SUSE-SU-2024:3596-1: moderate: Security update for apache-commons-io
Message-ID: <172864982431.5826.7725212140957873123@smelt2.prg2.suse.org>

# Security update for apache-commons-io

Announcement ID: SUSE-SU-2024:3596-1
Release Date: 2024-10-11T08:38:55Z
Rating: moderate

References:

* bsc#1231298

Cross-References:

* CVE-2024-47554

CVSS scores:

* CVE-2024-47554 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-47554 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for apache-commons-io fixes the following issues:

Upgrade to 2.17.0:

* CVE-2024-47554: Fixed untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298)

Other changes:

* https://commons.apache.org/proper/commons-io/changes-report.html#a2.17.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3596=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3596=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3596=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3596=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * apache-commons-io-2.17.0-11.3.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * apache-commons-io-2.17.0-11.3.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * apache-commons-io-2.17.0-11.3.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * apache-commons-io-2.17.0-11.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47554.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231298

From null at suse.de Fri Oct 11 16:30:11 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 11 Oct 2024 16:30:11 -0000
Subject: SUSE-SU-2024:3604-1: moderate: Security update for OpenIPMI
Message-ID: <172866421139.7152.15454237870445083383@smelt2.prg2.suse.org>

# Security update for OpenIPMI

Announcement ID: SUSE-SU-2024:3604-1
Release Date: 2024-10-11T15:00:59Z
Rating: moderate

References:

* bsc#1229910

Cross-References:

* CVE-2024-42934

CVSS scores:

* CVE-2024-42934 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-42934 ( SUSE ): 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for OpenIPMI fixes the following issues:

* CVE-2024-42934: Fixed missing check on the authorization type on incoming LAN messages in IPMI simulator (bsc#1229910)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3604=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3604=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3604=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libOpenIPMI0-debuginfo-2.0.31-150400.3.5.1
  * OpenIPMI-devel-2.0.31-150400.3.5.1
  * OpenIPMI-debuginfo-2.0.31-150400.3.5.1
  * libOpenIPMI0-2.0.31-150400.3.5.1
  * OpenIPMI-python3-debuginfo-2.0.31-150400.3.5.1
  * OpenIPMI-2.0.31-150400.3.5.1
  * OpenIPMI-python3-2.0.31-150400.3.5.1
  * OpenIPMI-debugsource-2.0.31-150400.3.5.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libOpenIPMI0-debuginfo-2.0.31-150400.3.5.1
  * OpenIPMI-devel-2.0.31-150400.3.5.1
  * OpenIPMI-debuginfo-2.0.31-150400.3.5.1
  * libOpenIPMI0-2.0.31-150400.3.5.1
  * OpenIPMI-python3-debuginfo-2.0.31-150400.3.5.1
  * OpenIPMI-2.0.31-150400.3.5.1
  * OpenIPMI-python3-2.0.31-150400.3.5.1
  * OpenIPMI-debugsource-2.0.31-150400.3.5.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libOpenIPMI0-debuginfo-2.0.31-150400.3.5.1
  * OpenIPMI-devel-2.0.31-150400.3.5.1
  * libOpenIPMI0-2.0.31-150400.3.5.1
  * OpenIPMI-debuginfo-2.0.31-150400.3.5.1
  * OpenIPMI-2.0.31-150400.3.5.1
  * OpenIPMI-debugsource-2.0.31-150400.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42934.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229910

From null at suse.de Fri Oct 11 16:30:15 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 11 Oct 2024 16:30:15 -0000
Subject: SUSE-SU-2024:3603-1: critical: Security update for MozillaFirefox
Message-ID: <172866421506.7152.16524914033197125658@smelt2.prg2.suse.org>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2024:3603-1
Release Date: 2024-10-11T12:33:48Z
Rating: critical

References:

* bsc#1230979
* bsc#1231413

Cross-References:

* CVE-2024-8900
* CVE-2024-9392
* CVE-2024-9393
* CVE-2024-9394
* CVE-2024-9396
* CVE-2024-9397
* CVE-2024-9398
* CVE-2024-9399
* CVE-2024-9400
* CVE-2024-9401
* CVE-2024-9402
* CVE-2024-9680

CVSS scores:

* CVE-2024-8900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-9392 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9392 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9392 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9393 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9393 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-9394 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9394 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-9396 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-9396 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2024-9396 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9397 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9397 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-9398 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9398 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-9399 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-9399 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-9400 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-9400 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2024-9400 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9401 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9401 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9401 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9402 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9402 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9680 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9680 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 128.3.1 ESR

MFSA 2024-51 (bsc#1231413)

* CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344)

Also includes the following CVEs from MFSA 2024-47 (bsc#1230979)

* CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843)
* CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301)
* CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874)
* CVE-2024-8900: Clipboard write permission bypass (bmo#1872841)
* CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471)
* CVE-2024-9397: Potential directory upload bypass via clickjacking (bmo#1916659)
* CVE-2024-9398: External protocol handlers could be enumerated via popups (bmo#1881037)
* CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service (bmo#1907726)
* CVE-2024-9400: Potential memory corruption during JIT compilation (bmo#1915249)
* CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
* CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3i (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3603=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3603=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3603=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3603=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-128.3.1-112.231.1 * MozillaFirefox-debuginfo-128.3.1-112.231.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-128.3.1-112.231.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-128.3.1-112.231.1 * MozillaFirefox-debugsource-128.3.1-112.231.1 * MozillaFirefox-translations-common-128.3.1-112.231.1 * MozillaFirefox-debuginfo-128.3.1-112.231.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-128.3.1-112.231.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-128.3.1-112.231.1 * MozillaFirefox-debugsource-128.3.1-112.231.1 * MozillaFirefox-translations-common-128.3.1-112.231.1 * MozillaFirefox-debuginfo-128.3.1-112.231.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-128.3.1-112.231.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-128.3.1-112.231.1 * MozillaFirefox-debugsource-128.3.1-112.231.1 * MozillaFirefox-translations-common-128.3.1-112.231.1 * MozillaFirefox-debuginfo-128.3.1-112.231.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-128.3.1-112.231.1 ## References: * https://www.suse.com/security/cve/CVE-2024-8900.html * https://www.suse.com/security/cve/CVE-2024-9392.html * 
https://www.suse.com/security/cve/CVE-2024-9393.html * https://www.suse.com/security/cve/CVE-2024-9394.html * https://www.suse.com/security/cve/CVE-2024-9396.html * https://www.suse.com/security/cve/CVE-2024-9397.html * https://www.suse.com/security/cve/CVE-2024-9398.html * https://www.suse.com/security/cve/CVE-2024-9399.html * https://www.suse.com/security/cve/CVE-2024-9400.html * https://www.suse.com/security/cve/CVE-2024-9401.html * https://www.suse.com/security/cve/CVE-2024-9402.html * https://www.suse.com/security/cve/CVE-2024-9680.html * https://bugzilla.suse.com/show_bug.cgi?id=1230979 * https://bugzilla.suse.com/show_bug.cgi?id=1231413

From null at suse.de Mon Oct 14 12:30:14 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 14 Oct 2024 12:30:14 -0000 Subject: SUSE-SU-2024:3615-1: moderate: Security update for wireshark Message-ID: <172890901403.10662.11681170357244506212@smelt2.prg2.suse.org> # Security update for wireshark Announcement ID: SUSE-SU-2024:3615-1 Release Date: 2024-10-14T11:03:49Z Rating: moderate References: * bsc#1231476 Cross-References: * CVE-2024-9781 CVSS scores: * CVE-2024-9781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-9781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Desktop Applications Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for wireshark fixes the following issues: Update to Wireshark 4.2.8: * CVE-2024-9781: Fixed AppleTalk and RELOAD Framing dissector crash (bsc#1231476).
* Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3615=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3615=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3615=1 openSUSE-SLE-15.6-2024-3615=1 ## Package List: * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libwireshark17-debuginfo-4.2.8-150600.18.14.1 * libwiretap14-debuginfo-4.2.8-150600.18.14.1 * libwiretap14-4.2.8-150600.18.14.1 * libwsutil15-debuginfo-4.2.8-150600.18.14.1 * wireshark-debugsource-4.2.8-150600.18.14.1 * libwireshark17-4.2.8-150600.18.14.1 * wireshark-4.2.8-150600.18.14.1 * wireshark-debuginfo-4.2.8-150600.18.14.1 * libwsutil15-4.2.8-150600.18.14.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-4.2.8-150600.18.14.1 * wireshark-ui-qt-debuginfo-4.2.8-150600.18.14.1 * wireshark-devel-4.2.8-150600.18.14.1 * wireshark-debuginfo-4.2.8-150600.18.14.1 * wireshark-ui-qt-4.2.8-150600.18.14.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libwireshark17-debuginfo-4.2.8-150600.18.14.1 * libwiretap14-debuginfo-4.2.8-150600.18.14.1 * libwiretap14-4.2.8-150600.18.14.1 * libwsutil15-debuginfo-4.2.8-150600.18.14.1 * wireshark-debugsource-4.2.8-150600.18.14.1 * wireshark-ui-qt-debuginfo-4.2.8-150600.18.14.1 * libwireshark17-4.2.8-150600.18.14.1 * wireshark-devel-4.2.8-150600.18.14.1 * wireshark-4.2.8-150600.18.14.1 * wireshark-debuginfo-4.2.8-150600.18.14.1 * libwsutil15-4.2.8-150600.18.14.1 * wireshark-ui-qt-4.2.8-150600.18.14.1 ## References: * https://www.suse.com/security/cve/CVE-2024-9781.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1231476

From null at suse.de Mon Oct 14 12:30:17 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 14 Oct 2024 12:30:17 -0000 Subject: SUSE-SU-2024:3614-1: critical: Security update for MozillaFirefox Message-ID: <172890901765.10662.13089387478780772961@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2024:3614-1 Release Date: 2024-10-14T10:01:38Z Rating: critical References: * bsc#1230979 * bsc#1231413 Cross-References: * CVE-2024-8900 * CVE-2024-9392 * CVE-2024-9393 * CVE-2024-9394 * CVE-2024-9396 * CVE-2024-9397 * CVE-2024-9398 * CVE-2024-9399 * CVE-2024-9400 * CVE-2024-9401 * CVE-2024-9402 * CVE-2024-9680 CVSS scores: * CVE-2024-8900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-9392 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9392 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9392 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9393 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9393 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-9393 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-9394 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9394 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-9394 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-9396 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-9396 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2024-9396 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9397 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9397 ( SUSE ): 4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-9397 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-9398 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-9398 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2024-9398 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-9399 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-9399 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2024-9400 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-9400 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2024-9400 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9401 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9401 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9401 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9402 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9402 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9680 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9680 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP5 * Desktop Applications Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux 
Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 12 vulnerabilities can now be installed. 
## Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 (bsc#1231413) * CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344) Also includes the following CVEs from MFSA 2024-47 (bsc#1230979) * CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843) * CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301) * CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874) * CVE-2024-8900: Clipboard write permission bypass (bmo#1872841) * CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471) * CVE-2024-9397: Potential directory upload bypass via clickjacking (bmo#1916659) * CVE-2024-9398: External protocol handlers could be enumerated via popups (bmo#1881037) * CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service (bmo#1907726) * CVE-2024-9400: Potential memory corruption during JIT compilation (bmo#1915249) * CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) * CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3i (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3614=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3614=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3614=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3614=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3614=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3614=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3614=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3614=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3614=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3614=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3614=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3614=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3614=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-3614=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3614=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3614=1 ## Package List: * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * 
MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * Desktop Applications Module 15-SP6 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * 
MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 
(noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * 
MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-branding-upstream-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.3.1-150200.152.155.1 * MozillaFirefox-debugsource-128.3.1-150200.152.155.1 * MozillaFirefox-translations-other-128.3.1-150200.152.155.1 * MozillaFirefox-branding-upstream-128.3.1-150200.152.155.1 * MozillaFirefox-translations-common-128.3.1-150200.152.155.1 * MozillaFirefox-128.3.1-150200.152.155.1 * openSUSE Leap 15.6 (noarch) * MozillaFirefox-devel-128.3.1-150200.152.155.1 ## References: * https://www.suse.com/security/cve/CVE-2024-8900.html * https://www.suse.com/security/cve/CVE-2024-9392.html * https://www.suse.com/security/cve/CVE-2024-9393.html * https://www.suse.com/security/cve/CVE-2024-9394.html * https://www.suse.com/security/cve/CVE-2024-9396.html * https://www.suse.com/security/cve/CVE-2024-9397.html * https://www.suse.com/security/cve/CVE-2024-9398.html * https://www.suse.com/security/cve/CVE-2024-9399.html * https://www.suse.com/security/cve/CVE-2024-9400.html * https://www.suse.com/security/cve/CVE-2024-9401.html * https://www.suse.com/security/cve/CVE-2024-9402.html * https://www.suse.com/security/cve/CVE-2024-9680.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1230979 * https://bugzilla.suse.com/show_bug.cgi?id=1231413

From null at suse.de Mon Oct 14 16:30:18 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 14 Oct 2024 16:30:18 -0000 Subject: SUSE-SU-2024:3617-1: moderate: Security update for the Linux Kernel Message-ID: <172892341891.11128.2128393210215118744@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:3617-1 Release Date: 2024-10-14T12:07:08Z Rating: moderate References: * bsc#1214298 * bsc#1226606 * bsc#1227764 * bsc#1228487 * bsc#1228654 * bsc#1230434 Cross-References: * CVE-2024-38538 * CVE-2024-40902 * CVE-2024-42104 * CVE-2024-42148 * CVE-2024-45021 CVSS scores: * CVE-2024-38538 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-38538 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-40902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40902 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-42104 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-42104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-42104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-42148 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42148 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves five vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed: * CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). * CVE-2024-40902: jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227764). * CVE-2024-42104: nilfs2: add missing check for inode numbers on directory entries (bsc#1228654). * CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). * CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). The following non-security bugs were fixed: * alarmtimer: Lock k_itimer during timer callback (bsc#1214298). * alarmtimers: Add alarm_forward functionality (bsc#1214298). * alarmtimers: Change alarmtimer functions to return alarmtimer_restart (bsc#1214298). * alarmtimers: Push rearming peroidic timers down into alamrtimer (bsc#1214298). * alarmtimers: Remove interval cap limit hack (bsc#1214298). * kABI fix for alarmtimer_restart functionality (bsc#1214298). * kABI fix update for alarm_forward (bsc#1214298). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-3617=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-3617=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (nosrc x86_64) * kernel-default-3.0.101-108.165.1 * kernel-xen-3.0.101-108.165.1 * kernel-trace-3.0.101-108.165.1 * kernel-ec2-3.0.101-108.165.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * kernel-default-base-3.0.101-108.165.1 * kernel-xen-base-3.0.101-108.165.1 * kernel-default-devel-3.0.101-108.165.1 * kernel-ec2-base-3.0.101-108.165.1 * kernel-trace-devel-3.0.101-108.165.1 * kernel-source-3.0.101-108.165.1 * kernel-xen-devel-3.0.101-108.165.1 * kernel-ec2-devel-3.0.101-108.165.1 * kernel-trace-base-3.0.101-108.165.1 * kernel-syms-3.0.101-108.165.1 * SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64) * kernel-default-3.0.101-108.165.1 * kernel-xen-3.0.101-108.165.1 * kernel-trace-3.0.101-108.165.1 * kernel-ec2-3.0.101-108.165.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * kernel-default-base-3.0.101-108.165.1 * kernel-xen-base-3.0.101-108.165.1 * kernel-default-devel-3.0.101-108.165.1 * kernel-ec2-base-3.0.101-108.165.1 * kernel-trace-devel-3.0.101-108.165.1 * kernel-source-3.0.101-108.165.1 * kernel-xen-devel-3.0.101-108.165.1 * kernel-ec2-devel-3.0.101-108.165.1 * kernel-trace-base-3.0.101-108.165.1 * kernel-syms-3.0.101-108.165.1 ## References: * https://www.suse.com/security/cve/CVE-2024-38538.html * https://www.suse.com/security/cve/CVE-2024-40902.html * https://www.suse.com/security/cve/CVE-2024-42104.html * https://www.suse.com/security/cve/CVE-2024-42148.html * https://www.suse.com/security/cve/CVE-2024-45021.html * https://bugzilla.suse.com/show_bug.cgi?id=1214298 * https://bugzilla.suse.com/show_bug.cgi?id=1226606 * 
https://bugzilla.suse.com/show_bug.cgi?id=1227764 * https://bugzilla.suse.com/show_bug.cgi?id=1228487 * https://bugzilla.suse.com/show_bug.cgi?id=1228654 * https://bugzilla.suse.com/show_bug.cgi?id=1230434

From null at suse.de Tue Oct 15 08:30:09 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:09 -0000 Subject: SUSE-SU-2024:3628-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) Message-ID: <172898100906.6932.13067682043465551024@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) Announcement ID: SUSE-SU-2024:3628-1 Release Date: 2024-10-15T03:33:34Z Rating: important References: * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228786 Cross-References: * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 CVSS scores: * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_8 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3628=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_8-rt-4-150600.3.1 * kernel-livepatch-6_4_0-150600_8-rt-debuginfo-4-150600.3.1 * kernel-livepatch-SLE15-SP6-RT_Update_0-debugsource-4-150600.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Tue Oct 15 08:30:13 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:13 -0000 Subject: SUSE-SU-2024:3627-1: important: Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5) Message-ID: <172898101340.6932.10708780399331728282@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3627-1 Release Date: 2024-10-15T03:33:31Z Rating: important References: * bsc#1228349 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2024-40909 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_61 fixes several issues. The following security issues were fixed: * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3627=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3627=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_17-debugsource-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_61-rt-debuginfo-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_61-rt-2-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_17-debugsource-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_61-rt-debuginfo-2-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_61-rt-2-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1228349 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Tue Oct 15 08:30:16 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:16 -0000 Subject: SUSE-SU-2024:3626-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6) Message-ID: <172898101657.6932.10255260014942853227@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6) Announcement ID: SUSE-SU-2024:3626-1 Release Date: 2024-10-15T02:33:30Z Rating: important References: * bsc#1228349 * bsc#1228786 Cross-References: * CVE-2024-40909 * CVE-2024-40954 CVSS scores: * CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_5 fixes several issues. The following security issues were fixed: * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3626=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-3-150600.1.8.1 * kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-3-150600.1.8.1 * kernel-livepatch-6_4_0-150600_10_5-rt-3-150600.1.8.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://bugzilla.suse.com/show_bug.cgi?id=1228349 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 From null at suse.de Tue Oct 15 08:30:26 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:26 -0000 Subject: SUSE-SU-2024:3625-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5) Message-ID: <172898102658.6932.8060814272195129332@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3625-1 Release Date: 2024-10-15T01:03:49Z Rating: important References: * bsc#1223363 * bsc#1223683 * bsc#1225013 * bsc#1225099 * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2023-52846 * CVE-2024-26828 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_55 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3625=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3625=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_15-debugsource-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_55-rt-debuginfo-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_55-rt-5-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_15-debugsource-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_55-rt-debuginfo-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_55-rt-5-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Tue Oct 15 08:30:45 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:45 -0000 Subject: SUSE-SU-2024:3623-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5) Message-ID: <172898104501.6932.1392640985555892903@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3623-1 Release Date: 2024-10-14T21:35:12Z Rating: important References: * bsc#1220145 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225013 * bsc#1225099 * bsc#1225310 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52502 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 19 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_38 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). 
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3623=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3623=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_38-rt-7-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_38-rt-7-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * 
https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 From null at suse.de Tue Oct 15 08:30:50 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:50 -0000 Subject: SUSE-SU-2024:3624-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5) Message-ID: <172898105063.6932.8913825933181247235@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3624-1 Release Date: 2024-10-15T01:03:40Z Rating: important References: * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_24 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3622=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3624=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3624=1 SUSE-2024-3622=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-14-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-13-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-13-150500.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-14-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-13-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-13-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Tue Oct 15 08:30:54 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 08:30:54 -0000 Subject: SUSE-SU-2024:3629-1: important: Security update for MozillaThunderbird Message-ID: <172898105477.6932.13469582473674583589@smelt2.prg2.suse.org> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2024:3629-1 Release Date: 2024-10-15T06:57:43Z Rating: important References: * bsc#1230979 * bsc#1231413 Cross-References: * CVE-2024-8900 * CVE-2024-9392 * CVE-2024-9393 * CVE-2024-9394 * CVE-2024-9396 * CVE-2024-9397 * CVE-2024-9398 * CVE-2024-9399 * CVE-2024-9400 * CVE-2024-9401 * CVE-2024-9402 * CVE-2024-9680 CVSS scores: * CVE-2024-8900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-9392 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9392 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9392 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9393 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9393 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-9393 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-9394 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9394 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-9394 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-9396 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-9396 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2024-9396 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9397 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9397 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-9397 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-9398 ( SUSE ):
5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-9398 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2024-9398 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-9399 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-9399 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2024-9400 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-9400 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2024-9400 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9401 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9401 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9401 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9402 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9402 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9680 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9680 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Linux Enterprise 
Workstation Extension 15 SP6 * SUSE Package Hub 15 15-SP5 * SUSE Package Hub 15 15-SP6 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-51, bsc#1231413): * CVE-2024-9680: Use-after-free in Animation timeline Update to Mozilla Thunderbird 128.3 (MFSA 2024-49, bsc#1230979): * CVE-2024-9392: Compromised content process can bypass site isolation * CVE-2024-9393: Cross-origin access to PDF contents through multipart responses * CVE-2024-9394: Cross-origin access to JSON contents through multipart responses * CVE-2024-8900: Clipboard write permission bypass * CVE-2024-9396: Potential memory corruption may occur when cloning certain objects * CVE-2024-9397: Potential directory upload bypass via clickjacking * CVE-2024-9398: External protocol handlers could be enumerated via popups * CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400: Potential memory corruption during JIT compilation * CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 Other fixes: * fixed: Opening an EML file with a 'mailto:' link did not work * fixed: Collapsed POP3 account folder was expanded after emptying trash on exit * fixed: "Mark Folder Read" on a cross-folder search marked all underlying folders read * fixed: Unable to open/view attached OpenPGP encrypted messages * fixed: Unable to "Decrypt and Open" an attached OpenPGP key file * fixed: Subject could disappear when replying to a message saved in an EML file * fixed: OAuth2 authentication method was not available when adding SMTP server * fixed: Unable to subscribe to .ics calendars in some situations * fixed: Visual and UX improvements ## Patch Instructions: 
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3629=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3629=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3629=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3629=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3629=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3629=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3629=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * MozillaThunderbird-128.3.0-150200.8.182.1 * 
MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * MozillaThunderbird-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * MozillaThunderbird-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-common-128.3.0-150200.8.182.1 * MozillaThunderbird-debugsource-128.3.0-150200.8.182.1 * MozillaThunderbird-translations-other-128.3.0-150200.8.182.1 * MozillaThunderbird-debuginfo-128.3.0-150200.8.182.1 ## References: * https://www.suse.com/security/cve/CVE-2024-8900.html * https://www.suse.com/security/cve/CVE-2024-9392.html * https://www.suse.com/security/cve/CVE-2024-9393.html * https://www.suse.com/security/cve/CVE-2024-9394.html * https://www.suse.com/security/cve/CVE-2024-9396.html * https://www.suse.com/security/cve/CVE-2024-9397.html * https://www.suse.com/security/cve/CVE-2024-9398.html * https://www.suse.com/security/cve/CVE-2024-9399.html * https://www.suse.com/security/cve/CVE-2024-9400.html * https://www.suse.com/security/cve/CVE-2024-9401.html * https://www.suse.com/security/cve/CVE-2024-9402.html * https://www.suse.com/security/cve/CVE-2024-9680.html * https://bugzilla.suse.com/show_bug.cgi?id=1230979 * 
https://bugzilla.suse.com/show_bug.cgi?id=1231413 From null at suse.de Tue Oct 15 12:30:10 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 12:30:10 -0000 Subject: SUSE-SU-2024:3636-1: important: Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5) Message-ID: <172899541079.7152.6018082902711941822@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3636-1 Release Date: 2024-10-15T09:33:31Z Rating: important References: * bsc#1223683 * bsc#1225099 * bsc#1225739 * bsc#1228349 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2023-52846 * CVE-2024-26923 * CVE-2024-36899 * CVE-2024-40909 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed.
## Description: This update for the Linux Kernel 5.14.21-150500_13_58 fixes several issues. The following security issues were fixed: * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3636=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3636=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_16-debugsource-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_58-rt-debuginfo-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_58-rt-4-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_16-debugsource-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_58-rt-debuginfo-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_58-rt-4-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1228349 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Oct 15 12:30:20 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 12:30:20 -0000 Subject: SUSE-SU-2024:3632-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SLE 15 SP5) Message-ID: <172899542047.7152.1008613715592948845@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 14 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3632-1 Release Date: 2024-10-15T09:03:56Z Rating: important References: * bsc#1223363 * bsc#1223683 * bsc#1225013 * bsc#1225099 * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2023-52846 * CVE-2024-26828 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_52 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3632=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3632=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-5-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-5-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_52-rt-5-150500.11.8.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-5-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-5-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_52-rt-5-150500.11.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Oct 15 12:30:41 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 12:30:41 -0000 Subject: SUSE-SU-2024:3631-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5) Message-ID: <172899544139.7152.10701416461836610284@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3631-1 Release Date: 2024-10-15T09:03:51Z Rating: important References: * bsc#1219296 * bsc#1220145 * bsc#1220211 * bsc#1220828 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1222882 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225013 * bsc#1225099 * bsc#1225310 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52340 * CVE-2023-52502 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26585 * CVE-2024-26610 * CVE-2024-26622 * CVE-2024-26766 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux 
Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 23 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_35 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). 
* CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828). * CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3631=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3631=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-9-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-9-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_35-rt-9-150500.11.8.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-9-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-9-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_35-rt-9-150500.11.8.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52340.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26585.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26622.html * https://www.suse.com/security/cve/CVE-2024-26766.html * https://www.suse.com/security/cve/CVE-2024-26828.html * 
https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1219296 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220211 * https://bugzilla.suse.com/show_bug.cgi?id=1220828 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1222882 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Oct 15 12:30:46 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 15 Oct 2024 12:30:46 -0000 Subject: SUSE-SU-2024:3635-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5) Message-ID: <172899544692.7152.14923426976266661536@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3635-1 Release Date: 2024-10-15T09:33:26Z Rating: important References: * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_30 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). 
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3635=1 SUSE-2024-3630=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3635=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3630=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_27-rt-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_30-rt-11-150500.2.1
  * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-12-150500.2.1
  * kernel-livepatch-SLE15-SP5-RT_Update_9-debugsource-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_30-rt-debuginfo-11-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_27-rt-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_30-rt-11-150500.2.1
  * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-12-150500.2.1
  * kernel-livepatch-SLE15-SP5-RT_Update_9-debugsource-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_30-rt-debuginfo-11-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Tue Oct 15 12:30:52 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 12:30:52 -0000
Subject: SUSE-SU-2024:3634-1: moderate: Security update for keepalived
Message-ID: <172899545297.7152.10115807238023568729@smelt2.prg2.suse.org>

# Security update for keepalived

Announcement ID: SUSE-SU-2024:3634-1
Release Date: 2024-10-15T09:21:36Z
Rating: moderate
References:

* bsc#1228123

Cross-References:

* CVE-2024-41184

CVSS scores:

* CVE-2024-41184 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for keepalived fixes the following issues:

* CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-3634=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3634=1 openSUSE-SLE-15.5-2024-3634=1
* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3634=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-3634=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * keepalived-2.2.2-150500.8.5.1
  * keepalived-debuginfo-2.2.2-150500.8.5.1
  * keepalived-debugsource-2.2.2-150500.8.5.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * keepalived-2.2.2-150500.8.5.1
  * keepalived-debuginfo-2.2.2-150500.8.5.1
  * keepalived-debugsource-2.2.2-150500.8.5.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * keepalived-2.2.2-150500.8.5.1
  * keepalived-debuginfo-2.2.2-150500.8.5.1
  * keepalived-debugsource-2.2.2-150500.8.5.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * keepalived-2.2.2-150500.8.5.1
  * keepalived-debuginfo-2.2.2-150500.8.5.1
  * keepalived-debugsource-2.2.2-150500.8.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228123

From null at suse.de Tue Oct 15 12:30:55 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 12:30:55 -0000
Subject: SUSE-SU-2024:3633-1: moderate: Security update for keepalived
Message-ID: <172899545534.7152.13447587039782249711@smelt2.prg2.suse.org>

# Security update for keepalived

Announcement ID: SUSE-SU-2024:3633-1
Release Date: 2024-10-15T09:20:42Z
Rating: moderate
References:

* bsc#1228123

Cross-References:

* CVE-2024-41184

CVSS scores:

* CVE-2024-41184 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for keepalived fixes the following issues:

* CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3633=1 openSUSE-SLE-15.6-2024-3633=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2024-3633=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * keepalived-debugsource-2.2.8-150600.3.5.1
  * keepalived-2.2.8-150600.3.5.1
  * keepalived-debuginfo-2.2.8-150600.3.5.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
  * keepalived-debugsource-2.2.8-150600.3.5.1
  * keepalived-2.2.8-150600.3.5.1
  * keepalived-debuginfo-2.2.8-150600.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228123

From null at suse.de Tue Oct 15 16:30:04 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 16:30:04 -0000
Subject: SUSE-SU-2024:3640-1: important: Security update for the Linux Kernel (Live Patch 50 for SLE 12 SP5)
Message-ID: <172900980416.29496.4187239256558414493@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 50 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3640-1
Release Date: 2024-10-15T12:33:32Z
Rating: important
References:

* bsc#1226325
* bsc#1228573

Cross-References:

* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_183 fixes several issues. The following security issues were fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3640=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_183-default-13-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Tue Oct 15 16:30:17 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 16:30:17 -0000
Subject: SUSE-SU-2024:3639-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)
Message-ID: <172900981762.29496.8311161865333846413@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3639-1
Release Date: 2024-10-15T12:03:52Z
Rating: important
References:

* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52846
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 14 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_47 fixes several issues. The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3639=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3639=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_13_47-rt-7-150500.11.6.1
  * kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-7-150500.11.6.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-7-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_13_47-rt-7-150500.11.6.1
  * kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-7-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Tue Oct 15 16:30:22 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 16:30:22 -0000
Subject: SUSE-SU-2024:3638-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5)
Message-ID: <172900982278.29496.15352070918035217121@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3638-1
Release Date: 2024-10-15T12:03:46Z
Rating: important

References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_21 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3638=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3638=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_21-rt-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_13_21-rt-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Tue Oct 15 20:30:19 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 20:30:19 -0000
Subject: SUSE-SU-2024:3642-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)
Message-ID: <172902421923.30335.3245765151912487042@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3642-1
Release Date: 2024-10-15T19:03:43Z
Rating: important

References:

* bsc#1210619
* bsc#1218487
* bsc#1220145
* bsc#1220537
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2022-48651
* CVE-2023-1829
* CVE-2023-6531
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves 18 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_183 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3642=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP2_Update_46-debugsource-8-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_183-default-8-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_183-default-debuginfo-8-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1218487
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Tue Oct 15 20:30:23 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 15 Oct 2024 20:30:23 -0000
Subject: SUSE-SU-2024:3641-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2)
Message-ID: <172902422354.30335.8845672698056539047@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3641-1
Release Date: 2024-10-15T19:03:34Z
Rating: important

References:

* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-35861
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves four vulnerabilities can now be installed.
## Description:

This update for the Linux Kernel 5.3.18-150200_24_178 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3641=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP2_Update_45-debugsource-10-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_178-default-debuginfo-10-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_178-default-10-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 08:30:09 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 08:30:09 -0000
Subject: SUSE-SU-2024:3643-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)
Message-ID: <172906740920.4625.10306321416658264877@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3643-1
Release Date: 2024-10-16T05:03:45Z
Rating: important

References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_92 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3643=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3643=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_19-debugsource-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_92-default-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_19-debugsource-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_92-default-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 08:30:21 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 08:30:21 -0000
Subject: SUSE-SU-2024:3644-1: moderate: Security update for rubygem-puma
Message-ID: <172906742150.4625.13693373755859694459@smelt2.prg2.suse.org>

# Security update for rubygem-puma

Announcement ID: SUSE-SU-2024:3644-1
Release Date: 2024-10-16T06:55:19Z
Rating: moderate

References:

* bsc#1218638
* bsc#1230848

Cross-References:

* CVE-2024-21647
* CVE-2024-45614

CVSS scores:

* CVE-2024-21647 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21647 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45614 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-45614 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-45614 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-45614 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for rubygem-puma fixes the following issues:

* CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848).
* CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies (bsc#1218638).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3644=1
* SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3644=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-3644=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-3644=1
* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-3644=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-doc-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * rubygem-puma-debugsource-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-4.3.12-150000.3.15.1
  * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21647.html
* https://www.suse.com/security/cve/CVE-2024-45614.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218638
* https://bugzilla.suse.com/show_bug.cgi?id=1230848

From null at suse.de Wed Oct 16 12:30:09 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 12:30:09 -0000
Subject: SUSE-SU-2024:3655-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
Message-ID: <172908180999.6932.12360715432211029100@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3655-1
Release Date: 2024-10-16T11:33:28Z
Rating: important

References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3655=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3655=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_6-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_31-default-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_6-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_31-default-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 12:30:25 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 12:30:25 -0000
Subject: SUSE-SU-2024:3652-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
Message-ID: <172908182551.6932.2246417383998137942@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3652-1
Release Date: 2024-10-16T10:04:15Z
Rating: important

References:

* bsc#1210619
* bsc#1220145
* bsc#1220537
* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2022-48651
* CVE-2023-1829
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 17 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3652=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3652=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_43-debugsource-7-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-default-7-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-7-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_158-preempt-7-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-7-150300.7.6.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_158-default-7-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html 
* https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Oct 16 12:30:42 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 12:30:42 -0000 Subject: SUSE-SU-2024:3651-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3) Message-ID: <172908184218.6932.12905147178457958878@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3651-1 Release Date: 2024-10-16T10:04:05Z Rating: important References: * bsc#1210619 * bsc#1218487 * bsc#1220145 * bsc#1220537 * bsc#1221302 * bsc#1222685 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225310 * bsc#1225312 * bsc#1226325 * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2022-48651 * CVE-2023-1829 * CVE-2023-6531 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 19 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). 
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3651=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3651=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_42-debugsource-8-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_153-default-8-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-8-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-8-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_153-preempt-8-150300.7.6.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_153-default-8-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-6531.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1218487 * 
https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 16 12:30:57 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 12:30:57 -0000 Subject: SUSE-SU-2024:3649-1: important: Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2) Message-ID: <172908185753.6932.14464073291677162027@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2) Announcement ID: SUSE-SU-2024:3649-1 Release Date: 2024-10-16T09:33:39Z Rating: important References: * bsc#1210619 * bsc#1220145 * bsc#1220537 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225310 * bsc#1225312 * bsc#1226325 * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2022-48651 * CVE-2023-1829 * CVE-2024-23307 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves 16 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_188 fixes several issues. 
The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3649=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_188-default-debuginfo-7-150200.5.6.1 * kernel-livepatch-SLE15-SP2_Update_47-debugsource-7-150200.5.6.1 * kernel-livepatch-5_3_18-150200_24_188-default-7-150200.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 16 12:31:01 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 12:31:01 -0000 Subject: SUSE-SU-2024:3648-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3) Message-ID: <172908186173.6932.11081999877734473937@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3648-1 Release Date: 2024-10-16T10:03:55Z Rating: important References: * bsc#1225312 * bsc#1226325 * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-47291 * CVE-2024-35861 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. 
## Description: This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3648=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3650=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3650=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_166-default-debuginfo-14-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_41-debugsource-14-150200.2.1 * kernel-livepatch-5_3_18-150200_24_166-default-14-150200.2.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_150-default-11-150300.2.1 * kernel-livepatch-5_3_18-150300_59_150-default-debuginfo-11-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_41-debugsource-11-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_150-preempt-11-150300.2.1 * kernel-livepatch-5_3_18-150300_59_150-preempt-debuginfo-11-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_150-default-11-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36964.html * 
https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 16 12:31:17 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 12:31:17 -0000 Subject: SUSE-SU-2024:3656-1: moderate: Security update for etcd Message-ID: <172908187780.6932.11907551042593230183@smelt2.prg2.suse.org> # Security update for etcd Announcement ID: SUSE-SU-2024:3656-1 Release Date: 2024-10-16T11:33:45Z Rating: moderate References: * bsc#1095184 * bsc#1118897 * bsc#1118898 * bsc#1118899 * bsc#1121850 * bsc#1174951 * bsc#1181400 * bsc#1183703 * bsc#1199031 * bsc#1208270 * bsc#1208297 * bsc#1210138 * bsc#1213229 * bsc#1217070 * bsc#1217950 * bsc#1218150 Cross-References: * CVE-2018-16873 * CVE-2018-16874 * CVE-2018-16875 * CVE-2018-16886 * CVE-2020-15106 * CVE-2020-15112 * CVE-2021-28235 * CVE-2022-41723 * CVE-2023-29406 * CVE-2023-47108 * CVE-2023-48795 CVSS scores: * CVE-2018-16873 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-16873 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16873 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16874 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2018-16874 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16874 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16875 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-16875 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-16886 ( SUSE ): 6.8 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2018-16886 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2020-15106 ( SUSE ): 5.3 
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15106 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15112 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15112 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-28235 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-28235 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29406 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-29406 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-47108 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-47108 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 An update that solves 11 vulnerabilities and has five security fixes can now be installed. 
## Description: This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: * CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897) * CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898) * CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899) * CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850) * CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951) * CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951) * CVE-2021-28235: Fixed information disclosure via debug function (bsc#1210138) * CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297) * CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229) * CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070) * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150) Other changes: * Added hardening to systemd service(s) (bsc#1181400) * Fixed static /tmp file issue (bsc#1199031) * Fixed systemd service not starting (bsc#1183703) Full changelog: https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3656=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3656=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * etcdctl-3.5.12-150000.7.6.1 * etcd-3.5.12-150000.7.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * etcdctl-3.5.12-150000.7.6.1 * etcd-3.5.12-150000.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2018-16873.html * https://www.suse.com/security/cve/CVE-2018-16874.html * https://www.suse.com/security/cve/CVE-2018-16875.html * https://www.suse.com/security/cve/CVE-2018-16886.html * https://www.suse.com/security/cve/CVE-2020-15106.html * https://www.suse.com/security/cve/CVE-2020-15112.html * https://www.suse.com/security/cve/CVE-2021-28235.html * https://www.suse.com/security/cve/CVE-2022-41723.html * https://www.suse.com/security/cve/CVE-2023-29406.html * https://www.suse.com/security/cve/CVE-2023-47108.html * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1095184 * https://bugzilla.suse.com/show_bug.cgi?id=1118897 * https://bugzilla.suse.com/show_bug.cgi?id=1118898 * https://bugzilla.suse.com/show_bug.cgi?id=1118899 * https://bugzilla.suse.com/show_bug.cgi?id=1121850 * https://bugzilla.suse.com/show_bug.cgi?id=1174951 * https://bugzilla.suse.com/show_bug.cgi?id=1181400 * https://bugzilla.suse.com/show_bug.cgi?id=1183703 * https://bugzilla.suse.com/show_bug.cgi?id=1199031 * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1208297 * https://bugzilla.suse.com/show_bug.cgi?id=1210138 * https://bugzilla.suse.com/show_bug.cgi?id=1213229 * https://bugzilla.suse.com/show_bug.cgi?id=1217070 * https://bugzilla.suse.com/show_bug.cgi?id=1217950 * https://bugzilla.suse.com/show_bug.cgi?id=1218150 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Oct 16 12:31:25 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 12:31:25 -0000 Subject: SUSE-SU-2024:3647-1: moderate: Security update for unbound Message-ID: <172908188574.6932.9658263831276391208@smelt2.prg2.suse.org> # Security update for unbound Announcement ID: SUSE-SU-2024:3647-1 Release Date: 2024-10-16T09:32:21Z Rating: moderate References: * bsc#1231284 Cross-References: * CVE-2024-8508 CVSS scores: * CVE-2024-8508 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L * CVE-2024-8508 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2024-8508 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability can now be installed. ## Description: This update for unbound fixes the following issues: * CVE-2024-8508: Fixed unbounded name compression that could lead to denial of service (bsc#1231284) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3647=1 openSUSE-SLE-15.6-2024-3647=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3647=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3647=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libunbound-devel-mini-1.20.0-150600.23.9.1 * unbound-devel-1.20.0-150600.23.9.1 * libunbound-devel-mini-debuginfo-1.20.0-150600.23.9.1 * libunbound8-1.20.0-150600.23.9.1 * libunbound8-debuginfo-1.20.0-150600.23.9.1 * unbound-debugsource-1.20.0-150600.23.9.1 * unbound-debuginfo-1.20.0-150600.23.9.1 * unbound-anchor-1.20.0-150600.23.9.1 * libunbound-devel-mini-debugsource-1.20.0-150600.23.9.1 * unbound-1.20.0-150600.23.9.1 * unbound-anchor-debuginfo-1.20.0-150600.23.9.1 * unbound-python-debuginfo-1.20.0-150600.23.9.1 * unbound-python-1.20.0-150600.23.9.1 * openSUSE Leap 15.6 (noarch) * unbound-munin-1.20.0-150600.23.9.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * unbound-devel-1.20.0-150600.23.9.1 * libunbound8-1.20.0-150600.23.9.1 * libunbound8-debuginfo-1.20.0-150600.23.9.1 * unbound-debugsource-1.20.0-150600.23.9.1 * unbound-debuginfo-1.20.0-150600.23.9.1 * unbound-anchor-1.20.0-150600.23.9.1 * unbound-anchor-debuginfo-1.20.0-150600.23.9.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * unbound-debugsource-1.20.0-150600.23.9.1 * unbound-debuginfo-1.20.0-150600.23.9.1 * unbound-1.20.0-150600.23.9.1 * unbound-python-debuginfo-1.20.0-150600.23.9.1 * unbound-python-1.20.0-150600.23.9.1 ## References: * https://www.suse.com/security/cve/CVE-2024-8508.html * https://bugzilla.suse.com/show_bug.cgi?id=1231284 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Oct 16 12:31:28 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 12:31:28 -0000
Subject: SUSE-SU-2024:3646-1: moderate: Security update for unbound
Message-ID: <172908188815.6932.12759179884991500046@smelt2.prg2.suse.org>

# Security update for unbound

Announcement ID: SUSE-SU-2024:3646-1
Release Date: 2024-10-16T09:31:58Z
Rating: moderate

References:

* bsc#1231284

Cross-References:

* CVE-2024-8508

CVSS scores:

* CVE-2024-8508 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-8508 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-8508 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for unbound fixes the following issues:

* CVE-2024-8508: Fixed unbounded name compression that could lead to denial of service (bsc#1231284)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3646=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3646=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-3646=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3646=1

## Package List:

* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * unbound-1.20.0-150100.10.19.1
  * unbound-debugsource-1.20.0-150100.10.19.1
  * unbound-python-1.20.0-150100.10.19.1
  * unbound-python-debuginfo-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * unbound-devel-1.20.0-150100.10.19.1
  * unbound-1.20.0-150100.10.19.1
  * unbound-debugsource-1.20.0-150100.10.19.1
  * unbound-python-1.20.0-150100.10.19.1
  * libunbound8-1.20.0-150100.10.19.1
  * unbound-python-debuginfo-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
  * libunbound8-debuginfo-1.20.0-150100.10.19.1
  * unbound-anchor-1.20.0-150100.10.19.1
  * unbound-anchor-debuginfo-1.20.0-150100.10.19.1
* openSUSE Leap 15.5 (noarch)
  * unbound-munin-1.20.0-150100.10.19.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * unbound-debugsource-1.20.0-150100.10.19.1
  * libunbound8-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
  * libunbound8-debuginfo-1.20.0-150100.10.19.1
  * unbound-anchor-1.20.0-150100.10.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * unbound-devel-1.20.0-150100.10.19.1
  * unbound-debugsource-1.20.0-150100.10.19.1
  * libunbound8-1.20.0-150100.10.19.1
  * unbound-debuginfo-1.20.0-150100.10.19.1
  * libunbound8-debuginfo-1.20.0-150100.10.19.1
  * unbound-anchor-1.20.0-150100.10.19.1
  * unbound-anchor-debuginfo-1.20.0-150100.10.19.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8508.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231284

From null at suse.de Wed Oct 16 16:30:12 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 16:30:12 -0000
Subject: SUSE-SU-2024:3663-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)
Message-ID: <172909621229.7152.16369134012543965066@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3663-1
Release Date: 2024-10-16T14:03:59Z
Rating: important

References:

* bsc#1210619
* bsc#1220537
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225310
* bsc#1226325
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47378
* CVE-2021-47383
* CVE-2023-1829
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_216 fixes several issues.

The following security issues were fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3663=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_216-default-6-8.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
From null at suse.de Wed Oct 16 16:30:23 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 16:30:23 -0000
Subject: SUSE-SU-2024:3662-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)
Message-ID: <172909622398.7152.8452555628162427286@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3662-1
Release Date: 2024-10-16T14:03:47Z
Rating: important

References:

* bsc#1210619
* bsc#1220145
* bsc#1220537
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225310
* bsc#1226325
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47378
* CVE-2021-47383
* CVE-2022-48651
* CVE-2023-1829
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 15 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_201 fixes several issues.

The following security issues were fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3662=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_201-default-8-8.10.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 16:30:29 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 16:30:29 -0000
Subject: SUSE-SU-2024:3661-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Message-ID: <172909622988.7152.10205213266267180033@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3661-1
Release Date: 2024-10-16T13:33:42Z
Rating: important

References:

* bsc#1223683
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3661=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3661=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-3-150300.7.6.1
  * kernel-livepatch-SLE15-SP3_Update_45-debugsource-3-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_164-default-3-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-3-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_164-preempt-3-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-default-3-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
From null at suse.de Wed Oct 16 16:30:33 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 16:30:33 -0000
Subject: SUSE-SU-2024:3660-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 12 SP5)
Message-ID: <172909623302.7152.16542355438404677532@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 52 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3660-1
Release Date: 2024-10-16T14:33:27Z
Rating: important

References:

* bsc#1226325
* bsc#1228573

Cross-References:

* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_189 fixes several issues.

The following security issues were fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3665=1 SUSE-SLE-Live-Patching-12-SP5-2024-3660=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_189-default-11-2.1
  * kgraft-patch-4_12_14-122_179-default-13-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 16:30:37 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 16:30:37 -0000
Subject: SUSE-SU-2024:3664-1: moderate: Security update for php8
Message-ID: <172909623768.7152.15841625444636446217@smelt2.prg2.suse.org>

# Security update for php8

Announcement ID: SUSE-SU-2024:3664-1
Release Date: 2024-10-16T14:28:54Z
Rating: moderate

References:

* bsc#1231358
* bsc#1231360
* bsc#1231382

Cross-References:

* CVE-2024-8925
* CVE-2024-8927
* CVE-2024-9026

CVSS scores:

* CVE-2024-8925 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8925 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8927 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-9026 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9026 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php8 fixes the following issues:

* CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360)
* CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358)
* CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3664=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3664=1
* Web and Scripting Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-3664=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * php8-cli-debuginfo-8.0.30-150400.4.46.1 * php8-ftp-8.0.30-150400.4.46.1 * php8-tokenizer-8.0.30-150400.4.46.1 * php8-test-8.0.30-150400.4.46.1 * php8-bz2-8.0.30-150400.4.46.1 * php8-fileinfo-8.0.30-150400.4.46.1 * php8-curl-8.0.30-150400.4.46.1 * php8-gettext-debuginfo-8.0.30-150400.4.46.1 * php8-calendar-8.0.30-150400.4.46.1 * php8-fpm-debugsource-8.0.30-150400.4.46.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.46.1 * php8-bcmath-debuginfo-8.0.30-150400.4.46.1 * php8-xmlwriter-8.0.30-150400.4.46.1 * php8-sqlite-debuginfo-8.0.30-150400.4.46.1 * php8-shmop-debuginfo-8.0.30-150400.4.46.1 * php8-debuginfo-8.0.30-150400.4.46.1 * php8-odbc-debuginfo-8.0.30-150400.4.46.1 * php8-pdo-8.0.30-150400.4.46.1 * php8-zip-debuginfo-8.0.30-150400.4.46.1 * php8-sysvmsg-8.0.30-150400.4.46.1 * php8-8.0.30-150400.4.46.1
* php8-bz2-debuginfo-8.0.30-150400.4.46.1 * php8-openssl-8.0.30-150400.4.46.1 * php8-embed-debuginfo-8.0.30-150400.4.46.1 * php8-gd-8.0.30-150400.4.46.1 * php8-tidy-8.0.30-150400.4.46.1 * php8-pcntl-debuginfo-8.0.30-150400.4.46.1 * php8-sysvsem-8.0.30-150400.4.46.1 * php8-odbc-8.0.30-150400.4.46.1 * php8-ctype-debuginfo-8.0.30-150400.4.46.1 * php8-gd-debuginfo-8.0.30-150400.4.46.1 * php8-embed-debugsource-8.0.30-150400.4.46.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.46.1 * php8-zlib-8.0.30-150400.4.46.1 * php8-dom-8.0.30-150400.4.46.1 * php8-mbstring-debuginfo-8.0.30-150400.4.46.1 * php8-readline-8.0.30-150400.4.46.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.46.1 * php8-sqlite-8.0.30-150400.4.46.1 * php8-soap-8.0.30-150400.4.46.1 * php8-pdo-debuginfo-8.0.30-150400.4.46.1 * php8-iconv-debuginfo-8.0.30-150400.4.46.1 * php8-mysql-8.0.30-150400.4.46.1 * php8-cli-8.0.30-150400.4.46.1 * php8-ftp-debuginfo-8.0.30-150400.4.46.1 * php8-devel-8.0.30-150400.4.46.1 * php8-debugsource-8.0.30-150400.4.46.1 * php8-intl-debuginfo-8.0.30-150400.4.46.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.46.1 * php8-posix-8.0.30-150400.4.46.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.46.1 * php8-phar-8.0.30-150400.4.46.1 * php8-dom-debuginfo-8.0.30-150400.4.46.1 * php8-sodium-debuginfo-8.0.30-150400.4.46.1 * php8-soap-debuginfo-8.0.30-150400.4.46.1 * php8-intl-8.0.30-150400.4.46.1 * php8-pgsql-debuginfo-8.0.30-150400.4.46.1 * php8-iconv-8.0.30-150400.4.46.1 * php8-gmp-debuginfo-8.0.30-150400.4.46.1 * php8-dba-debuginfo-8.0.30-150400.4.46.1 * php8-calendar-debuginfo-8.0.30-150400.4.46.1 * php8-fastcgi-debugsource-8.0.30-150400.4.46.1 * php8-zlib-debuginfo-8.0.30-150400.4.46.1 * php8-xsl-8.0.30-150400.4.46.1 * php8-exif-debuginfo-8.0.30-150400.4.46.1 * apache2-mod_php8-8.0.30-150400.4.46.1 * php8-mysql-debuginfo-8.0.30-150400.4.46.1 * php8-opcache-8.0.30-150400.4.46.1 * php8-curl-debuginfo-8.0.30-150400.4.46.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.46.1 * php8-sockets-8.0.30-150400.4.46.1 
* php8-tidy-debuginfo-8.0.30-150400.4.46.1 * php8-exif-8.0.30-150400.4.46.1 * php8-xsl-debuginfo-8.0.30-150400.4.46.1 * php8-zip-8.0.30-150400.4.46.1 * php8-enchant-8.0.30-150400.4.46.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.46.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.46.1 * php8-readline-debuginfo-8.0.30-150400.4.46.1 * php8-pcntl-8.0.30-150400.4.46.1 * php8-ctype-8.0.30-150400.4.46.1 * php8-dba-8.0.30-150400.4.46.1 * php8-ldap-8.0.30-150400.4.46.1 * php8-bcmath-8.0.30-150400.4.46.1 * php8-posix-debuginfo-8.0.30-150400.4.46.1 * php8-mbstring-8.0.30-150400.4.46.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.46.1 * php8-phar-debuginfo-8.0.30-150400.4.46.1 * php8-opcache-debuginfo-8.0.30-150400.4.46.1 * php8-gmp-8.0.30-150400.4.46.1 * php8-sysvshm-8.0.30-150400.4.46.1 * php8-fastcgi-8.0.30-150400.4.46.1 * php8-gettext-8.0.30-150400.4.46.1 * php8-sodium-8.0.30-150400.4.46.1 * php8-enchant-debuginfo-8.0.30-150400.4.46.1 * php8-shmop-8.0.30-150400.4.46.1 * php8-fpm-debuginfo-8.0.30-150400.4.46.1 * php8-snmp-debuginfo-8.0.30-150400.4.46.1 * php8-sockets-debuginfo-8.0.30-150400.4.46.1 * php8-pgsql-8.0.30-150400.4.46.1 * php8-fpm-8.0.30-150400.4.46.1 * php8-xmlreader-8.0.30-150400.4.46.1 * php8-tokenizer-debuginfo-8.0.30-150400.4.46.1 * php8-ldap-debuginfo-8.0.30-150400.4.46.1 * php8-openssl-debuginfo-8.0.30-150400.4.46.1 * php8-snmp-8.0.30-150400.4.46.1 * php8-embed-8.0.30-150400.4.46.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * php8-cli-debuginfo-8.0.30-150400.4.46.1 * php8-ftp-8.0.30-150400.4.46.1 * php8-tokenizer-8.0.30-150400.4.46.1 * php8-test-8.0.30-150400.4.46.1 * php8-bz2-8.0.30-150400.4.46.1 * php8-fileinfo-8.0.30-150400.4.46.1 * php8-curl-8.0.30-150400.4.46.1 * php8-fpm-debugsource-8.0.30-150400.4.46.1 * php8-calendar-8.0.30-150400.4.46.1 * php8-gettext-debuginfo-8.0.30-150400.4.46.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.46.1 * php8-bcmath-debuginfo-8.0.30-150400.4.46.1 * php8-xmlwriter-8.0.30-150400.4.46.1 * 
php8-sqlite-debuginfo-8.0.30-150400.4.46.1 * php8-shmop-debuginfo-8.0.30-150400.4.46.1 * php8-debuginfo-8.0.30-150400.4.46.1 * php8-odbc-debuginfo-8.0.30-150400.4.46.1 * php8-pdo-8.0.30-150400.4.46.1 * php8-zip-debuginfo-8.0.30-150400.4.46.1 * php8-sysvmsg-8.0.30-150400.4.46.1 * php8-bz2-debuginfo-8.0.30-150400.4.46.1 * php8-8.0.30-150400.4.46.1 * php8-embed-debuginfo-8.0.30-150400.4.46.1 * php8-openssl-8.0.30-150400.4.46.1 * php8-gd-8.0.30-150400.4.46.1 * php8-tidy-8.0.30-150400.4.46.1 * php8-pcntl-debuginfo-8.0.30-150400.4.46.1 * php8-sysvsem-8.0.30-150400.4.46.1 * php8-odbc-8.0.30-150400.4.46.1 * php8-ctype-debuginfo-8.0.30-150400.4.46.1 * php8-embed-debugsource-8.0.30-150400.4.46.1 * php8-gd-debuginfo-8.0.30-150400.4.46.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.46.1 * php8-zlib-8.0.30-150400.4.46.1 * php8-dom-8.0.30-150400.4.46.1 * php8-mbstring-debuginfo-8.0.30-150400.4.46.1 * php8-readline-8.0.30-150400.4.46.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.46.1 * php8-sqlite-8.0.30-150400.4.46.1 * php8-soap-8.0.30-150400.4.46.1 * php8-pdo-debuginfo-8.0.30-150400.4.46.1 * php8-iconv-debuginfo-8.0.30-150400.4.46.1 * php8-mysql-8.0.30-150400.4.46.1 * php8-cli-8.0.30-150400.4.46.1 * php8-ftp-debuginfo-8.0.30-150400.4.46.1 * php8-devel-8.0.30-150400.4.46.1 * php8-debugsource-8.0.30-150400.4.46.1 * php8-intl-debuginfo-8.0.30-150400.4.46.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.46.1 * php8-posix-8.0.30-150400.4.46.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.46.1 * php8-phar-8.0.30-150400.4.46.1 * php8-dom-debuginfo-8.0.30-150400.4.46.1 * php8-sodium-debuginfo-8.0.30-150400.4.46.1 * php8-soap-debuginfo-8.0.30-150400.4.46.1 * php8-intl-8.0.30-150400.4.46.1 * php8-pgsql-debuginfo-8.0.30-150400.4.46.1 * php8-iconv-8.0.30-150400.4.46.1 * php8-gmp-debuginfo-8.0.30-150400.4.46.1 * php8-dba-debuginfo-8.0.30-150400.4.46.1 * php8-calendar-debuginfo-8.0.30-150400.4.46.1 * php8-fastcgi-debugsource-8.0.30-150400.4.46.1 * php8-zlib-debuginfo-8.0.30-150400.4.46.1 * 
php8-xsl-8.0.30-150400.4.46.1 * apache2-mod_php8-8.0.30-150400.4.46.1 * php8-exif-debuginfo-8.0.30-150400.4.46.1 * php8-mysql-debuginfo-8.0.30-150400.4.46.1 * php8-opcache-8.0.30-150400.4.46.1 * php8-curl-debuginfo-8.0.30-150400.4.46.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.46.1 * php8-sockets-8.0.30-150400.4.46.1 * php8-tidy-debuginfo-8.0.30-150400.4.46.1 * php8-exif-8.0.30-150400.4.46.1 * php8-xsl-debuginfo-8.0.30-150400.4.46.1 * php8-zip-8.0.30-150400.4.46.1 * php8-enchant-8.0.30-150400.4.46.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.46.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.46.1 * php8-readline-debuginfo-8.0.30-150400.4.46.1 * php8-pcntl-8.0.30-150400.4.46.1 * php8-ctype-8.0.30-150400.4.46.1 * php8-dba-8.0.30-150400.4.46.1 * php8-ldap-8.0.30-150400.4.46.1 * php8-bcmath-8.0.30-150400.4.46.1 * php8-posix-debuginfo-8.0.30-150400.4.46.1 * php8-mbstring-8.0.30-150400.4.46.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.46.1 * php8-phar-debuginfo-8.0.30-150400.4.46.1 * php8-opcache-debuginfo-8.0.30-150400.4.46.1 * php8-gmp-8.0.30-150400.4.46.1 * php8-sysvshm-8.0.30-150400.4.46.1 * php8-fastcgi-8.0.30-150400.4.46.1 * php8-gettext-8.0.30-150400.4.46.1 * php8-sodium-8.0.30-150400.4.46.1 * php8-enchant-debuginfo-8.0.30-150400.4.46.1 * php8-shmop-8.0.30-150400.4.46.1 * php8-fpm-debuginfo-8.0.30-150400.4.46.1 * php8-snmp-debuginfo-8.0.30-150400.4.46.1 * php8-sockets-debuginfo-8.0.30-150400.4.46.1 * php8-fpm-8.0.30-150400.4.46.1 * php8-pgsql-8.0.30-150400.4.46.1 * php8-xmlreader-8.0.30-150400.4.46.1 * php8-tokenizer-debuginfo-8.0.30-150400.4.46.1 * php8-ldap-debuginfo-8.0.30-150400.4.46.1 * php8-openssl-debuginfo-8.0.30-150400.4.46.1 * php8-embed-8.0.30-150400.4.46.1 * php8-snmp-8.0.30-150400.4.46.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * php8-cli-debuginfo-8.0.30-150400.4.46.1 * php8-ftp-8.0.30-150400.4.46.1 * php8-tokenizer-8.0.30-150400.4.46.1 * php8-test-8.0.30-150400.4.46.1 * php8-bz2-8.0.30-150400.4.46.1 * 
php8-fileinfo-8.0.30-150400.4.46.1 * php8-curl-8.0.30-150400.4.46.1 * php8-fpm-debugsource-8.0.30-150400.4.46.1 * php8-calendar-8.0.30-150400.4.46.1 * php8-gettext-debuginfo-8.0.30-150400.4.46.1 * php8-xmlreader-debuginfo-8.0.30-150400.4.46.1 * php8-bcmath-debuginfo-8.0.30-150400.4.46.1 * php8-xmlwriter-8.0.30-150400.4.46.1 * php8-sqlite-debuginfo-8.0.30-150400.4.46.1 * php8-shmop-debuginfo-8.0.30-150400.4.46.1 * php8-debuginfo-8.0.30-150400.4.46.1 * php8-odbc-debuginfo-8.0.30-150400.4.46.1 * php8-pdo-8.0.30-150400.4.46.1 * php8-zip-debuginfo-8.0.30-150400.4.46.1 * php8-sysvmsg-8.0.30-150400.4.46.1 * php8-bz2-debuginfo-8.0.30-150400.4.46.1 * php8-8.0.30-150400.4.46.1 * php8-embed-debuginfo-8.0.30-150400.4.46.1 * php8-openssl-8.0.30-150400.4.46.1 * php8-gd-8.0.30-150400.4.46.1 * php8-tidy-8.0.30-150400.4.46.1 * php8-pcntl-debuginfo-8.0.30-150400.4.46.1 * php8-sysvsem-8.0.30-150400.4.46.1 * php8-odbc-8.0.30-150400.4.46.1 * php8-ctype-debuginfo-8.0.30-150400.4.46.1 * php8-embed-debugsource-8.0.30-150400.4.46.1 * php8-gd-debuginfo-8.0.30-150400.4.46.1 * php8-sysvmsg-debuginfo-8.0.30-150400.4.46.1 * php8-zlib-8.0.30-150400.4.46.1 * php8-dom-8.0.30-150400.4.46.1 * php8-mbstring-debuginfo-8.0.30-150400.4.46.1 * php8-readline-8.0.30-150400.4.46.1 * php8-fileinfo-debuginfo-8.0.30-150400.4.46.1 * php8-sqlite-8.0.30-150400.4.46.1 * php8-soap-8.0.30-150400.4.46.1 * php8-pdo-debuginfo-8.0.30-150400.4.46.1 * php8-iconv-debuginfo-8.0.30-150400.4.46.1 * php8-mysql-8.0.30-150400.4.46.1 * php8-cli-8.0.30-150400.4.46.1 * php8-ftp-debuginfo-8.0.30-150400.4.46.1 * php8-devel-8.0.30-150400.4.46.1 * php8-debugsource-8.0.30-150400.4.46.1 * php8-intl-debuginfo-8.0.30-150400.4.46.1 * apache2-mod_php8-debuginfo-8.0.30-150400.4.46.1 * php8-posix-8.0.30-150400.4.46.1 * php8-xmlwriter-debuginfo-8.0.30-150400.4.46.1 * php8-phar-8.0.30-150400.4.46.1 * php8-dom-debuginfo-8.0.30-150400.4.46.1 * php8-sodium-debuginfo-8.0.30-150400.4.46.1 * php8-soap-debuginfo-8.0.30-150400.4.46.1 * 
php8-intl-8.0.30-150400.4.46.1 * php8-pgsql-debuginfo-8.0.30-150400.4.46.1 * php8-iconv-8.0.30-150400.4.46.1 * php8-gmp-debuginfo-8.0.30-150400.4.46.1 * php8-dba-debuginfo-8.0.30-150400.4.46.1 * php8-calendar-debuginfo-8.0.30-150400.4.46.1 * php8-fastcgi-debugsource-8.0.30-150400.4.46.1 * php8-zlib-debuginfo-8.0.30-150400.4.46.1 * php8-xsl-8.0.30-150400.4.46.1 * apache2-mod_php8-8.0.30-150400.4.46.1 * php8-exif-debuginfo-8.0.30-150400.4.46.1 * php8-mysql-debuginfo-8.0.30-150400.4.46.1 * php8-opcache-8.0.30-150400.4.46.1 * php8-curl-debuginfo-8.0.30-150400.4.46.1 * php8-fastcgi-debuginfo-8.0.30-150400.4.46.1 * php8-sockets-8.0.30-150400.4.46.1 * php8-tidy-debuginfo-8.0.30-150400.4.46.1 * php8-exif-8.0.30-150400.4.46.1 * php8-xsl-debuginfo-8.0.30-150400.4.46.1 * php8-zip-8.0.30-150400.4.46.1 * php8-enchant-8.0.30-150400.4.46.1 * php8-sysvshm-debuginfo-8.0.30-150400.4.46.1 * php8-sysvsem-debuginfo-8.0.30-150400.4.46.1 * php8-readline-debuginfo-8.0.30-150400.4.46.1 * php8-pcntl-8.0.30-150400.4.46.1 * php8-ctype-8.0.30-150400.4.46.1 * php8-dba-8.0.30-150400.4.46.1 * php8-ldap-8.0.30-150400.4.46.1 * php8-bcmath-8.0.30-150400.4.46.1 * php8-posix-debuginfo-8.0.30-150400.4.46.1 * php8-mbstring-8.0.30-150400.4.46.1 * apache2-mod_php8-debugsource-8.0.30-150400.4.46.1 * php8-phar-debuginfo-8.0.30-150400.4.46.1 * php8-opcache-debuginfo-8.0.30-150400.4.46.1 * php8-gmp-8.0.30-150400.4.46.1 * php8-sysvshm-8.0.30-150400.4.46.1 * php8-fastcgi-8.0.30-150400.4.46.1 * php8-gettext-8.0.30-150400.4.46.1 * php8-sodium-8.0.30-150400.4.46.1 * php8-enchant-debuginfo-8.0.30-150400.4.46.1 * php8-shmop-8.0.30-150400.4.46.1 * php8-fpm-debuginfo-8.0.30-150400.4.46.1 * php8-snmp-debuginfo-8.0.30-150400.4.46.1 * php8-sockets-debuginfo-8.0.30-150400.4.46.1 * php8-fpm-8.0.30-150400.4.46.1 * php8-pgsql-8.0.30-150400.4.46.1 * php8-xmlreader-8.0.30-150400.4.46.1 * php8-tokenizer-debuginfo-8.0.30-150400.4.46.1 * php8-ldap-debuginfo-8.0.30-150400.4.46.1 * php8-openssl-debuginfo-8.0.30-150400.4.46.1 * 
php8-embed-8.0.30-150400.4.46.1
* php8-snmp-8.0.30-150400.4.46.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8925.html
* https://www.suse.com/security/cve/CVE-2024-8927.html
* https://www.suse.com/security/cve/CVE-2024-9026.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231358
* https://bugzilla.suse.com/show_bug.cgi?id=1231360
* https://bugzilla.suse.com/show_bug.cgi?id=1231382

From null at suse.de Wed Oct 16 16:30:48 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 16:30:48 -0000
Subject: SUSE-SU-2024:3658-1: moderate: Security update for keepalived
Message-ID: <172909624865.7152.16151833953683015166@smelt2.prg2.suse.org>

# Security update for keepalived

Announcement ID: SUSE-SU-2024:3658-1
Release Date: 2024-10-16T13:03:40Z
Rating: moderate

References:

* bsc#1228123

Cross-References:

* CVE-2024-41184

CVSS scores:

* CVE-2024-41184 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for keepalived fixes the following issues:

* CVE-2024-41184: fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3658=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-3658=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  * keepalived-2.0.19-150100.3.9.1
  * keepalived-debugsource-2.0.19-150100.3.9.1
  * keepalived-debuginfo-2.0.19-150100.3.9.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  * keepalived-2.0.19-150100.3.9.1
  * keepalived-debugsource-2.0.19-150100.3.9.1
  * keepalived-debuginfo-2.0.19-150100.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228123

From null at suse.de Wed Oct 16 20:30:12 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:30:12 -0000
Subject: SUSE-SU-2024:3702-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
Message-ID: <172911061271.6932.10431525763465924528@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3702-1
Release Date: 2024-10-16T19:34:10Z
Rating: important

References:

* bsc#1223683
* bsc#1225099
* bsc#1225739
* bsc#1228349
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-36899
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.
The following security issues were fixed: * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3702=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3702=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_15-debugsource-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_68-default-4-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_15-debugsource-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-4-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_68-default-4-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:30:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:30:20 -0000
Subject: SUSE-SU-2024:3701-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
Message-ID: <172911062022.6932.4940675860472789782@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3701-1
Release Date: 2024-10-16T19:34:00Z
Rating: important

References:

* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3701=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3701=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_62-default-5-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-5-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-5-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_62-default-5-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-5-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-5-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:30:31 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:30:31 -0000
Subject: SUSE-SU-2024:3700-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
Message-ID: <172911063134.6932.14452755192254941123@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3700-1
Release Date: 2024-10-16T19:33:49Z
Rating: important

References:

* bsc#1223059
* bsc#1223363
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* 
CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_119 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3700=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3700=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_26-debugsource-6-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-6-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_119-default-6-150400.9.6.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_26-debugsource-6-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-6-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_119-default-6-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:30:33 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:30:33 -0000
Subject: SUSE-SU-2024:3698-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
Message-ID: <172911063385.6932.12685506431442418577@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3698-1
Release Date: 2024-10-16T19:33:32Z
Rating: important

References:

* bsc#1228573

Cross-References:

* CVE-2024-41059

CVSS scores:

* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_222 fixes one issue.

The following security issue was fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3698=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_222-default-2-8.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 20:30:49 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:30:49 -0000
Subject: SUSE-SU-2024:3697-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
Message-ID: <172911064970.6932.5575955227625451612@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3697-1
Release Date: 2024-10-16T19:04:40Z
Rating: important

References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* 
CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An 
update that solves 19 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3697=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3697=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_11-debugsource-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_52-default-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-7-150500.11.6.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_11-debugsource-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_52-default-7-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-7-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Wed Oct 16 20:31:05 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:31:05 -0000
Subject: SUSE-SU-2024:3696-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
Message-ID: <172911066518.6932.10190958360585588329@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3696-1
Release Date: 2024-10-16T19:04:30Z
Rating: important

References:

* bsc#1220145
* bsc#1221302
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52846
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 18 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3696=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3696=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_25-debugsource-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-7-150400.9.8.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_25-debugsource-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-7-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-7-150400.9.8.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:31:22 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:31:22 -0000
Subject: SUSE-SU-2024:3695-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)
Message-ID: <172911068218.6932.3542070857380533903@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3695-1
Release Date: 2024-10-16T19:04:20Z
Rating: important

References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 20 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3695=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3695=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_24-debugsource-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-7-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_24-debugsource-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_111-default-7-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:31:25 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:31:25 -0000
Subject: SUSE-SU-2024:3687-1: important: Security update for the Linux Kernel (Live Patch 53 for SLE 12 SP5)
Message-ID: <172911068525.6932.5611817987355521447@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 53 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3687-1
Release Date: 2024-10-16T18:33:32Z
Rating: important

References:

* bsc#1226325
* bsc#1228573

Cross-References:

* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_194 fixes several issues.

The following security issues were fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3687=1 SUSE-SLE-Live-Patching-12-SP5-2024-3682=1 SUSE-SLE-Live-Patching-12-SP5-2024-3683=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_176-default-14-2.1
  * kgraft-patch-4_12_14-122_186-default-12-2.1
  * kgraft-patch-4_12_14-122_194-default-9-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 20:31:27 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:31:27 -0000
Subject: SUSE-SU-2024:3680-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
Message-ID: <172911068781.6932.2797352998771560114@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:3680-1
Release Date: 2024-10-16T17:34:24Z
Rating: important

References:

* bsc#1225739
* bsc#1228786

Cross-References:

* CVE-2024-36899
* CVE-2024-40954

CVSS scores:

* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.

The following security issues were fixed:

* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3680=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3680=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-3-150600.13.6.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-3-150600.13.6.1
  * kernel-livepatch-6_4_0-150600_23_7-default-3-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:31:40 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:31:40 -0000
Subject: SUSE-SU-2024:3679-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
Message-ID: <172911070079.6932.14224146924493429234@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3679-1
Release Date: 2024-10-16T17:34:15Z
Rating: important

References:

* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52846
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 14 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3679=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3679=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_59-default-7-150500.11.10.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-7-150500.11.10.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-7-150500.11.10.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_59-default-7-150500.11.10.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-7-150500.11.10.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-7-150500.11.10.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:31:58 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:31:58 -0000
Subject: SUSE-SU-2024:3694-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
Message-ID: <172911071850.6932.9027326765868220236@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3694-1
Release Date: 2024-10-16T19:04:10Z
Rating: important

References:

* bsc#1219296
* bsc#1220145
* bsc#1220211
* bsc#1220828
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52340
* CVE-2023-52502
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26585
* CVE-2024-26610
* CVE-2024-26622
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
* CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3694=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3694=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3678=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3678=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-9-150400.9.8.1
  * kernel-livepatch-SLE15-SP4_Update_23-debugsource-9-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_108-default-9-150400.9.8.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-9-150400.9.8.1
  * kernel-livepatch-SLE15-SP4_Update_23-debugsource-9-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_108-default-9-150400.9.8.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_49-default-9-150500.11.8.1
  * kernel-livepatch-SLE15-SP5_Update_10-debugsource-9-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-9-150500.11.8.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_49-default-9-150500.11.8.1
  * kernel-livepatch-SLE15-SP5_Update_10-debugsource-9-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-9-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219296
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220211
* https://bugzilla.suse.com/show_bug.cgi?id=1220828
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:32:05 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:32:05 -0000
Subject: SUSE-SU-2024:3676-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)
Message-ID: <172911072501.6932.17462159866225690035@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3676-1
Release Date: 2024-10-16T17:33:49Z
Rating: important
References:

* bsc#1223683
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_194 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3676=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_194-default-3-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_194-default-debuginfo-3-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_49-debugsource-3-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 20:32:09 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:32:09 -0000
Subject: SUSE-SU-2024:3674-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5)
Message-ID: <172911072999.6932.17394181346455572355@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:3674-1
Release Date: 2024-10-16T17:03:36Z
Rating: important
References:

* bsc#1223683
* bsc#1225310
* bsc#1226325
* bsc#1228573

Cross-References:

* CVE-2024-26923
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_219 fixes several issues.

The following security issues were fixed:

* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3674=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_219-default-3-8.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 20:32:17 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:32:17 -0000
Subject: SUSE-SU-2024:3672-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)
Message-ID: <172911073715.6932.17813595344082822305@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3672-1
Release Date: 2024-10-16T16:34:16Z
Rating: important
References:

* bsc#1223683
* bsc#1225099
* bsc#1225310
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_122 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3672=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3672=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-4-150400.9.6.1
  * kernel-livepatch-SLE15-SP4_Update_27-debugsource-4-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_122-default-4-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-4-150400.9.6.1
  * kernel-livepatch-SLE15-SP4_Update_27-debugsource-4-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_122-default-4-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:32:22 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:32:22 -0000
Subject: SUSE-SU-2024:3670-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)
Message-ID: <172911074225.6932.18268528022496378179@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3670-1
Release Date: 2024-10-16T19:33:39Z
Rating: important
References:

* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_44 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3670=1 SUSE-2024-3699=1 SUSE-2024-3671=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3670=1 SUSE-SLE-Module-Live-Patching-15-SP4-2024-3699=1 SUSE-SLE-Module-Live-Patching-15-SP4-2024-3671=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3689=1 SUSE-2024-3673=1 SUSE-2024-3688=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3689=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3673=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3688=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_97-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_22-debugsource-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-12-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_21-debugsource-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-12-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_20-debugsource-12-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_97-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_22-debugsource-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-12-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_21-debugsource-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-12-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_20-debugsource-12-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_5-debugsource-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_8-debugsource-12-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_9-debugsource-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_28-default-14-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_5-debugsource-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_8-debugsource-12-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_9-debugsource-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-11-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_28-default-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Wed Oct 16 20:32:32 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:32:32 -0000
Subject: SUSE-SU-2024:3685-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
Message-ID: <172911075264.6932.3236779018801371314@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3685-1
Release Date: 2024-10-16T18:04:02Z
Rating: important
References:

* bsc#1210619
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225310
* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2023-1829
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3685=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3669=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3669=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_191-default-6-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_191-default-debuginfo-6-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_48-debugsource-6-150200.5.6.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_44-debugsource-6-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-6-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-6-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-preempt-6-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-6-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-default-6-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 16 20:32:37 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 16 Oct 2024 20:32:37 -0000
Subject: SUSE-SU-2024:3690-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)
Message-ID: <172911075740.6932.417650066549054516@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3690-1
Release Date: 2024-10-16T19:04:01Z
Rating: important
References:

* bsc#1225312
* bsc#1226325
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2024-35861
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_147 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3684=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3691=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3667=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3690=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3692=1 SUSE-2024-3668=1 SUSE-2024-3677=1 SUSE-2024-3686=1 SUSE-2024-3693=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3692=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3668=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3677=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3686=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3693=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_163-default-14-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_43-debugsource-12-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_44-debugsource-13-150200.2.1 * kernel-livepatch-5_3_18-150200_24_172-default-12-150200.2.1 * kernel-livepatch-5_3_18-150200_24_172-default-debuginfo-12-150200.2.1 * kernel-livepatch-5_3_18-150200_24_175-default-debuginfo-13-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_40-debugsource-14-150200.2.1 * kernel-livepatch-5_3_18-150200_24_163-default-debuginfo-14-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_42-debugsource-14-150200.2.1 * kernel-livepatch-5_3_18-150200_24_169-default-debuginfo-14-150200.2.1 * kernel-livepatch-5_3_18-150200_24_175-default-13-150200.2.1 *
kernel-livepatch-5_3_18-150200_24_169-default-14-150200.2.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_138-default-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-14-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_39-debugsource-12-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_38-debugsource-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_144-default-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_147-default-12-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_36-debugsource-14-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_37-debugsource-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_147-default-debuginfo-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-default-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-13-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_40-debugsource-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_133-default-14-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_133-preempt-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_133-preempt-debuginfo-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-preempt-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_144-preempt-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_147-preempt-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_147-preempt-debuginfo-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_138-preempt-14-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_138-default-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_144-default-12-150300.2.1 * 
kernel-livepatch-5_3_18-150300_59_147-default-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-default-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_133-default-14-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 16 20:32:43 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 20:32:43 -0000 Subject: SUSE-SU-2024:3666-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6) Message-ID: <172911076392.6932.6323998373335375725@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6) Announcement ID: SUSE-SU-2024:3666-1 Release Date: 2024-10-16T16:03:40Z Rating: important References: * bsc#1225099 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1226325 * bsc#1228786 Cross-References: * CVE-2023-52846 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 CVSS scores: * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux 
Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_21 fixes several issues. The following security issues were fixed: * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3666=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3666=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_21-default-5-150600.1.1 * kernel-livepatch-6_4_0-150600_21-default-debuginfo-5-150600.1.1 * kernel-livepatch-SLE15-SP6_Update_0-debugsource-5-150600.1.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_21-default-5-150600.1.1 * kernel-livepatch-6_4_0-150600_21-default-debuginfo-5-150600.1.1 * kernel-livepatch-SLE15-SP6_Update_0-debugsource-5-150600.1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
URL: From null at suse.de Wed Oct 16 20:32:50 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 16 Oct 2024 20:32:50 -0000 Subject: SUSE-SU-2024:3675-1: important: Security update for libarchive Message-ID: <172911077039.6932.9070180199376259136@smelt2.prg2.suse.org> # Security update for libarchive Announcement ID: SUSE-SU-2024:3675-1 Release Date: 2024-10-16T17:33:40Z Rating: important References: * bsc#1231544 Cross-References: * CVE-2024-48957 CVSS scores: * CVE-2024-48957 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-48957 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2024-48957 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-48957 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for libarchive fixes the following issues: * CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3675=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3675=1 openSUSE-SLE-15.6-2024-3675=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3675=1 ## Package List: * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * bsdtar-debuginfo-3.7.2-150600.3.6.1 * libarchive-debugsource-3.7.2-150600.3.6.1 * bsdtar-3.7.2-150600.3.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libarchive-devel-3.7.2-150600.3.6.1 * libarchive13-debuginfo-3.7.2-150600.3.6.1 * libarchive13-3.7.2-150600.3.6.1 * libarchive-debugsource-3.7.2-150600.3.6.1 * bsdtar-debuginfo-3.7.2-150600.3.6.1 * bsdtar-3.7.2-150600.3.6.1 * openSUSE Leap 15.6 (x86_64) * libarchive13-32bit-debuginfo-3.7.2-150600.3.6.1 * libarchive13-32bit-3.7.2-150600.3.6.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libarchive13-64bit-debuginfo-3.7.2-150600.3.6.1 * libarchive13-64bit-3.7.2-150600.3.6.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libarchive13-3.7.2-150600.3.6.1 * libarchive-devel-3.7.2-150600.3.6.1 * libarchive-debugsource-3.7.2-150600.3.6.1 * libarchive13-debuginfo-3.7.2-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-48957.html * https://bugzilla.suse.com/show_bug.cgi?id=1231544
URL: From null at suse.de Thu Oct 17 08:30:38 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 17 Oct 2024 08:30:38 -0000 Subject: SUSE-SU-2024:3710-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5) Message-ID: <172915383886.7152.2523741802223400042@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3710-1 Release Date: 2024-10-16T21:44:03Z Rating: important References: * bsc#1223363 * bsc#1223683 * bsc#1225013 * bsc#1225099 * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2023-52846 * CVE-2024-26828 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_65 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3710=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3710=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_65-default-5-150500.11.6.1 * kernel-livepatch-SLE15-SP5_Update_14-debugsource-5-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_65-default-5-150500.11.6.1 * kernel-livepatch-SLE15-SP5_Update_14-debugsource-5-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
URL: From null at suse.de Thu Oct 17 08:30:41 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 17 Oct 2024 08:30:41 -0000 Subject: SUSE-SU-2024:3707-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4) Message-ID: <172915384196.7152.11666405264087025602@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3707-1 Release Date: 2024-10-16T20:52:37Z Rating: important References: * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues. The following security issues were fixed: * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3707=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3707=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-2-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_125-default-2-150400.9.6.1 * kernel-livepatch-SLE15-SP4_Update_28-debugsource-2-150400.9.6.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-2-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_125-default-2-150400.9.6.1 * kernel-livepatch-SLE15-SP4_Update_28-debugsource-2-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
URL: From null at suse.de Thu Oct 17 08:30:54 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 17 Oct 2024 08:30:54 -0000 Subject: SUSE-SU-2024:3706-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5) Message-ID: <172915385437.7152.4794440364677033826@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3706-1 Release Date: 2024-10-16T21:17:23Z Rating: important References: * bsc#1225312 * bsc#1225739 * bsc#1226325 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2024-35861 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be 
installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_36 fixes several issues. The following security issues were fixed: * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3706=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3709=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3709=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3706=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_88-default-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_18-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-14-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_36-default-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_7-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_36-default-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_7-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-12-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * 
kernel-livepatch-5_14_21-150400_24_88-default-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_18-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-14-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Oct 17 08:30:57 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 17 Oct 2024 08:30:57 -0000 Subject: SUSE-SU-2024:3704-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3) Message-ID: <172915385752.7152.14106562471703160759@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3704-1 Release Date: 2024-10-16T20:52:19Z Rating: important References: * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-47291 * CVE-2024-41059 CVSS scores: * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux 
Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues. The following security issues were fixed: * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3704=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3705=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3705=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_197-default-debuginfo-2-150200.5.6.1 * kernel-livepatch-5_3_18-150200_24_197-default-2-150200.5.6.1 * kernel-livepatch-SLE15-SP2_Update_50-debugsource-2-150200.5.6.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_46-debugsource-2-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-2-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_167-default-2-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_167-preempt-2-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-2-150300.7.6.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_167-default-2-150300.7.6.1 ## References: * 
https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Oct 17 08:31:23 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 17 Oct 2024 08:31:23 -0000 Subject: SUSE-SU-2024:3708-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6) Message-ID: <172915388347.7152.10274226710807406812@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6) Announcement ID: SUSE-SU-2024:3708-1 Release Date: 2024-10-16T20:52:47Z Rating: important References: * bsc#1228349 * bsc#1228786 Cross-References: * CVE-2024-40909 * CVE-2024-40954 CVSS scores: * CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues. The following security issues were fixed: * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3708=1 SUSE-2024-3703=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3708=1 SUSE-SLE-Module-Live-Patching-15-SP6-2024-3703=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_2-debugsource-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_17-default-3-150600.13.6.1 * kernel-livepatch-SLE15-SP6_Update_3-debugsource-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_14-default-3-150600.13.6.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_2-debugsource-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_17-default-3-150600.13.6.1 * kernel-livepatch-SLE15-SP6_Update_3-debugsource-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_14-default-3-150600.13.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://bugzilla.suse.com/show_bug.cgi?id=1228349 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Thu Oct 17 16:30:20 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 17 Oct 2024 16:30:20 -0000 Subject: SUSE-SU-2024:3711-1: critical: Security update for cups-filters Message-ID: <172918262067.6932.16866151429014027756@smelt2.prg2.suse.org> # Security update for cups-filters Announcement ID: SUSE-SU-2024:3711-1 Release Date: 2024-10-17T12:33:37Z Rating: critical References: * bsc#1230939 * bsc#1231294 Cross-References: * CVE-2024-47176 * CVE-2024-47850 CVSS scores: * CVE-2024-47176 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2024-47176 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-47176 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-47850 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H * CVE-2024-47850 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2024-47850 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for cups-filters fixes the following issues: * cups-browsed would bind on UDP INADDR_ANY:631 and trust any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker-controlled URL. This patch removes support for the legacy CUPS and LDAP protocols; the previous fix for this issue was incomplete (bsc#1230939, bsc#1231294, CVE-2024-47176, CVE-2024-47850). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3711=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3711=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3711=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.29.1
  * cups-filters-cups-browsed-1.0.58-19.29.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.29.1
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.29.1
  * cups-filters-debugsource-1.0.58-19.29.1
  * cups-filters-debuginfo-1.0.58-19.29.1
  * cups-filters-1.0.58-19.29.1
  * cups-filters-ghostscript-1.0.58-19.29.1
  * cups-filters-foomatic-rip-1.0.58-19.29.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.29.1
  * cups-filters-cups-browsed-1.0.58-19.29.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.29.1
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.29.1
  * cups-filters-debugsource-1.0.58-19.29.1
  * cups-filters-debuginfo-1.0.58-19.29.1
  * cups-filters-1.0.58-19.29.1
  * cups-filters-ghostscript-1.0.58-19.29.1
  * cups-filters-foomatic-rip-1.0.58-19.29.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.29.1
  * cups-filters-cups-browsed-1.0.58-19.29.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.29.1
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.29.1
  * cups-filters-debugsource-1.0.58-19.29.1
  * cups-filters-debuginfo-1.0.58-19.29.1
  * cups-filters-1.0.58-19.29.1
  * cups-filters-ghostscript-1.0.58-19.29.1
  * cups-filters-foomatic-rip-1.0.58-19.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47176.html
* https://www.suse.com/security/cve/CVE-2024-47850.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230939
* https://bugzilla.suse.com/show_bug.cgi?id=1231294

From null at suse.de Fri Oct 18 08:30:32 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 08:30:32 -0000
Subject: SUSE-SU-2024:3720-1: moderate: Security update for jetty-minimal
Message-ID: <172924023277.6932.1738067629111753723@smelt2.prg2.suse.org>

# Security update for jetty-minimal

Announcement ID: SUSE-SU-2024:3720-1
Release Date: 2024-10-18T06:34:07Z
Rating: moderate

References:

* bsc#1231651

Cross-References:

* CVE-2024-8184

CVSS scores:

* CVE-2024-8184 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-8184 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-8184 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for jetty-minimal fixes the following issues:

* CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote() (bsc#1231651).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3720=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3720=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3720=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3720=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3720=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * jetty-client-9.4.56-150200.3.28.1
  * jetty-minimal-javadoc-9.4.56-150200.3.28.1
  * jetty-annotations-9.4.56-150200.3.28.1
  * jetty-io-9.4.56-150200.3.28.1
  * jetty-openid-9.4.56-150200.3.28.1
  * jetty-server-9.4.56-150200.3.28.1
  * jetty-rewrite-9.4.56-150200.3.28.1
  * jetty-start-9.4.56-150200.3.28.1
  * jetty-cdi-9.4.56-150200.3.28.1
  * jetty-proxy-9.4.56-150200.3.28.1
  * jetty-quickstart-9.4.56-150200.3.28.1
  * jetty-jsp-9.4.56-150200.3.28.1
  * jetty-plus-9.4.56-150200.3.28.1
  * jetty-security-9.4.56-150200.3.28.1
  * jetty-servlet-9.4.56-150200.3.28.1
  * jetty-jmx-9.4.56-150200.3.28.1
  * jetty-util-9.4.56-150200.3.28.1
  * jetty-webapp-9.4.56-150200.3.28.1
  * jetty-http-spi-9.4.56-150200.3.28.1
  * jetty-util-ajax-9.4.56-150200.3.28.1
  * jetty-servlets-9.4.56-150200.3.28.1
  * jetty-http-9.4.56-150200.3.28.1
  * jetty-ant-9.4.56-150200.3.28.1
  * jetty-jaas-9.4.56-150200.3.28.1
  * jetty-continuation-9.4.56-150200.3.28.1
  * jetty-jndi-9.4.56-150200.3.28.1
  * jetty-fcgi-9.4.56-150200.3.28.1
  * jetty-deploy-9.4.56-150200.3.28.1
  * jetty-xml-9.4.56-150200.3.28.1
* openSUSE Leap 15.6 (noarch)
  * jetty-client-9.4.56-150200.3.28.1
  * jetty-minimal-javadoc-9.4.56-150200.3.28.1
  * jetty-annotations-9.4.56-150200.3.28.1
  * jetty-io-9.4.56-150200.3.28.1
  * jetty-openid-9.4.56-150200.3.28.1
  * jetty-server-9.4.56-150200.3.28.1
  * jetty-rewrite-9.4.56-150200.3.28.1
  * jetty-start-9.4.56-150200.3.28.1
  * jetty-cdi-9.4.56-150200.3.28.1
  * jetty-proxy-9.4.56-150200.3.28.1
  * jetty-quickstart-9.4.56-150200.3.28.1
  * jetty-jsp-9.4.56-150200.3.28.1
  * jetty-plus-9.4.56-150200.3.28.1
  * jetty-security-9.4.56-150200.3.28.1
  * jetty-servlet-9.4.56-150200.3.28.1
  * jetty-jmx-9.4.56-150200.3.28.1
  * jetty-util-9.4.56-150200.3.28.1
  * jetty-webapp-9.4.56-150200.3.28.1
  * jetty-http-spi-9.4.56-150200.3.28.1
  * jetty-util-ajax-9.4.56-150200.3.28.1
  * jetty-servlets-9.4.56-150200.3.28.1
  * jetty-http-9.4.56-150200.3.28.1
  * jetty-ant-9.4.56-150200.3.28.1
  * jetty-jaas-9.4.56-150200.3.28.1
  * jetty-continuation-9.4.56-150200.3.28.1
  * jetty-jndi-9.4.56-150200.3.28.1
  * jetty-fcgi-9.4.56-150200.3.28.1
  * jetty-deploy-9.4.56-150200.3.28.1
  * jetty-xml-9.4.56-150200.3.28.1
* Development Tools Module 15-SP5 (noarch)
  * jetty-server-9.4.56-150200.3.28.1
  * jetty-servlet-9.4.56-150200.3.28.1
  * jetty-security-9.4.56-150200.3.28.1
  * jetty-util-9.4.56-150200.3.28.1
  * jetty-util-ajax-9.4.56-150200.3.28.1
  * jetty-http-9.4.56-150200.3.28.1
  * jetty-io-9.4.56-150200.3.28.1
* Development Tools Module 15-SP6 (noarch)
  * jetty-server-9.4.56-150200.3.28.1
  * jetty-servlet-9.4.56-150200.3.28.1
  * jetty-security-9.4.56-150200.3.28.1
  * jetty-util-9.4.56-150200.3.28.1
  * jetty-util-ajax-9.4.56-150200.3.28.1
  * jetty-http-9.4.56-150200.3.28.1
  * jetty-io-9.4.56-150200.3.28.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * jetty-continuation-9.4.56-150200.3.28.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231651
From null at suse.de Fri Oct 18 08:30:35 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 08:30:35 -0000
Subject: SUSE-SU-2024:3719-1: important: Security update for python-starlette
Message-ID: <172924023536.6932.8268261394354384114@smelt2.prg2.suse.org>

# Security update for python-starlette

Announcement ID: SUSE-SU-2024:3719-1
Release Date: 2024-10-18T05:54:49Z
Rating: important

References:

* bsc#1231689

Cross-References:

* CVE-2024-47874

CVSS scores:

* CVE-2024-47874 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47874 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47874 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-starlette fixes the following issues:

* CVE-2024-47874: Fixed possible DoS via parts size in multipart/form-data requests (bsc#1231689)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3719=1 openSUSE-SLE-15.6-2024-3719=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-starlette-0.35.1-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47874.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231689
From null at suse.de Fri Oct 18 08:30:42 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 08:30:42 -0000
Subject: SUSE-SU-2024:3717-1: moderate: Security update for OpenIPMI
Message-ID: <172924024249.6932.1404414584940826761@smelt2.prg2.suse.org>

# Security update for OpenIPMI

Announcement ID: SUSE-SU-2024:3717-1
Release Date: 2024-10-18T00:33:55Z
Rating: moderate

References:

* bsc#1229910

Cross-References:

* CVE-2024-42934

CVSS scores:

* CVE-2024-42934 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-42934 ( SUSE ): 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for OpenIPMI fixes the following issues:

* CVE-2024-42934: Fixed missing check on the authorization type on incoming LAN messages in IPMI simulator (bsc#1229910)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3717=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3717=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3717=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3717=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * OpenIPMI-debugsource-2.0.21-10.9.1
  * OpenIPMI-devel-2.0.21-10.9.1
  * OpenIPMI-debuginfo-2.0.21-10.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * OpenIPMI-debugsource-2.0.21-10.9.1
  * OpenIPMI-python-2.0.21-10.9.1
  * OpenIPMI-2.0.21-10.9.1
  * OpenIPMI-python-debuginfo-2.0.21-10.9.1
  * OpenIPMI-debuginfo-2.0.21-10.9.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * OpenIPMI-debugsource-2.0.21-10.9.1
  * OpenIPMI-python-2.0.21-10.9.1
  * OpenIPMI-2.0.21-10.9.1
  * OpenIPMI-python-debuginfo-2.0.21-10.9.1
  * OpenIPMI-debuginfo-2.0.21-10.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * OpenIPMI-debugsource-2.0.21-10.9.1
  * OpenIPMI-python-2.0.21-10.9.1
  * OpenIPMI-2.0.21-10.9.1
  * OpenIPMI-python-debuginfo-2.0.21-10.9.1
  * OpenIPMI-debuginfo-2.0.21-10.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42934.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229910
From null at suse.de Fri Oct 18 16:30:09 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 16:30:09 -0000
Subject: SUSE-SU-2024:3733-1: moderate: Security update for php7
Message-ID: <172926900919.6514.14007969151984342126@smelt2.prg2.suse.org>

# Security update for php7

Announcement ID: SUSE-SU-2024:3733-1
Release Date: 2024-10-18T15:48:48Z
Rating: moderate

References:

* bsc#1231358
* bsc#1231360
* bsc#1231382

Cross-References:

* CVE-2024-8925
* CVE-2024-8927
* CVE-2024-9026

CVSS scores:

* CVE-2024-8925 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8925 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8927 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-9026 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9026 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php7 fixes the following issues:

* CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests that leads to legitimate data not being processed (bsc#1231360)
* CVE-2024-8927: Fixed cgi.force_redirect configuration being bypassable due to an environment variable collision (bsc#1231358)
* CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3733=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3733=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3733=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-3733=1
* Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-3733=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3733=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3733=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_php7-debuginfo-7.4.33-150400.4.40.1 * php7-debuginfo-7.4.33-150400.4.40.1 * php7-dom-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-7.4.33-150400.4.40.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-7.4.33-150400.4.40.1 * php7-gd-7.4.33-150400.4.40.1 * php7-pcntl-7.4.33-150400.4.40.1 * php7-pdo-7.4.33-150400.4.40.1 * php7-json-debuginfo-7.4.33-150400.4.40.1 * php7-openssl-debuginfo-7.4.33-150400.4.40.1 * php7-sysvshm-7.4.33-150400.4.40.1 * php7-sqlite-7.4.33-150400.4.40.1 * 
php7-exif-debuginfo-7.4.33-150400.4.40.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.40.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.40.1 * php7-dba-7.4.33-150400.4.40.1 * php7-opcache-7.4.33-150400.4.40.1 * php7-cli-7.4.33-150400.4.40.1 * php7-ctype-debuginfo-7.4.33-150400.4.40.1 * php7-xmlwriter-7.4.33-150400.4.40.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-7.4.33-150400.4.40.1 * php7-sqlite-debuginfo-7.4.33-150400.4.40.1 * php7-embed-7.4.33-150400.4.40.1 * php7-soap-7.4.33-150400.4.40.1 * php7-sodium-debuginfo-7.4.33-150400.4.40.1 * php7-fileinfo-7.4.33-150400.4.40.1 * php7-posix-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-7.4.33-150400.4.40.1 * php7-tidy-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-debuginfo-7.4.33-150400.4.40.1 * php7-soap-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-7.4.33-150400.4.40.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.40.1 * php7-opcache-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debugsource-7.4.33-150400.4.40.1 * php7-calendar-debuginfo-7.4.33-150400.4.40.1 * php7-dba-debuginfo-7.4.33-150400.4.40.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-7.4.33-150400.4.40.1 * php7-curl-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-7.4.33-150400.4.40.1 * php7-mysql-debuginfo-7.4.33-150400.4.40.1 * php7-bz2-debuginfo-7.4.33-150400.4.40.1 * php7-7.4.33-150400.4.40.1 * php7-gmp-7.4.33-150400.4.40.1 * php7-posix-7.4.33-150400.4.40.1 * php7-ftp-7.4.33-150400.4.40.1 * php7-zip-7.4.33-150400.4.40.1 * php7-readline-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-debuginfo-7.4.33-150400.4.40.1 * php7-exif-7.4.33-150400.4.40.1 * php7-calendar-7.4.33-150400.4.40.1 * php7-sockets-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-debuginfo-7.4.33-150400.4.40.1 * 
php7-shmop-7.4.33-150400.4.40.1 * php7-zlib-debuginfo-7.4.33-150400.4.40.1 * php7-readline-7.4.33-150400.4.40.1 * php7-sodium-7.4.33-150400.4.40.1 * php7-xsl-7.4.33-150400.4.40.1 * php7-bcmath-debuginfo-7.4.33-150400.4.40.1 * php7-gmp-debuginfo-7.4.33-150400.4.40.1 * php7-intl-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debuginfo-7.4.33-150400.4.40.1 * php7-ftp-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debugsource-7.4.33-150400.4.40.1 * php7-test-7.4.33-150400.4.40.1 * php7-bz2-7.4.33-150400.4.40.1 * php7-phar-7.4.33-150400.4.40.1 * php7-pdo-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-7.4.33-150400.4.40.1 * php7-pcntl-debuginfo-7.4.33-150400.4.40.1 * php7-intl-7.4.33-150400.4.40.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.40.1 * php7-ldap-7.4.33-150400.4.40.1 * php7-xmlrpc-7.4.33-150400.4.40.1 * php7-cli-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-7.4.33-150400.4.40.1 * php7-ldap-debuginfo-7.4.33-150400.4.40.1 * php7-zip-debuginfo-7.4.33-150400.4.40.1 * php7-debugsource-7.4.33-150400.4.40.1 * php7-bcmath-7.4.33-150400.4.40.1 * php7-json-7.4.33-150400.4.40.1 * php7-openssl-7.4.33-150400.4.40.1 * php7-tidy-7.4.33-150400.4.40.1 * php7-mysql-7.4.33-150400.4.40.1 * php7-xsl-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-7.4.33-150400.4.40.1 * php7-mbstring-debuginfo-7.4.33-150400.4.40.1 * php7-zlib-7.4.33-150400.4.40.1 * php7-sysvsem-7.4.33-150400.4.40.1 * php7-devel-7.4.33-150400.4.40.1 * php7-fpm-debugsource-7.4.33-150400.4.40.1 * php7-gd-debuginfo-7.4.33-150400.4.40.1 * php7-dom-7.4.33-150400.4.40.1 * apache2-mod_php7-7.4.33-150400.4.40.1 * php7-fastcgi-7.4.33-150400.4.40.1 * php7-mbstring-7.4.33-150400.4.40.1 * php7-ctype-7.4.33-150400.4.40.1 * php7-phar-debuginfo-7.4.33-150400.4.40.1 * php7-sockets-7.4.33-150400.4.40.1 * php7-sysvmsg-7.4.33-150400.4.40.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-mod_php7-debuginfo-7.4.33-150400.4.40.1 * php7-debuginfo-7.4.33-150400.4.40.1 * 
php7-dom-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-7.4.33-150400.4.40.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-7.4.33-150400.4.40.1 * php7-gd-7.4.33-150400.4.40.1 * php7-pcntl-7.4.33-150400.4.40.1 * php7-pdo-7.4.33-150400.4.40.1 * php7-json-debuginfo-7.4.33-150400.4.40.1 * php7-openssl-debuginfo-7.4.33-150400.4.40.1 * php7-sysvshm-7.4.33-150400.4.40.1 * php7-sqlite-7.4.33-150400.4.40.1 * php7-exif-debuginfo-7.4.33-150400.4.40.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.40.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.40.1 * php7-dba-7.4.33-150400.4.40.1 * php7-opcache-7.4.33-150400.4.40.1 * php7-cli-7.4.33-150400.4.40.1 * php7-ctype-debuginfo-7.4.33-150400.4.40.1 * php7-xmlwriter-7.4.33-150400.4.40.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-7.4.33-150400.4.40.1 * php7-sqlite-debuginfo-7.4.33-150400.4.40.1 * php7-embed-7.4.33-150400.4.40.1 * php7-soap-7.4.33-150400.4.40.1 * php7-sodium-debuginfo-7.4.33-150400.4.40.1 * php7-fileinfo-7.4.33-150400.4.40.1 * php7-posix-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-7.4.33-150400.4.40.1 * php7-tidy-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-debuginfo-7.4.33-150400.4.40.1 * php7-soap-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-7.4.33-150400.4.40.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.40.1 * php7-opcache-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debugsource-7.4.33-150400.4.40.1 * php7-calendar-debuginfo-7.4.33-150400.4.40.1 * php7-dba-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-7.4.33-150400.4.40.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-7.4.33-150400.4.40.1 * 
php7-mysql-debuginfo-7.4.33-150400.4.40.1 * php7-bz2-debuginfo-7.4.33-150400.4.40.1 * php7-7.4.33-150400.4.40.1 * php7-gmp-7.4.33-150400.4.40.1 * php7-posix-7.4.33-150400.4.40.1 * php7-ftp-7.4.33-150400.4.40.1 * php7-zip-7.4.33-150400.4.40.1 * php7-readline-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-debuginfo-7.4.33-150400.4.40.1 * php7-exif-7.4.33-150400.4.40.1 * php7-calendar-7.4.33-150400.4.40.1 * php7-sockets-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-7.4.33-150400.4.40.1 * php7-zlib-debuginfo-7.4.33-150400.4.40.1 * php7-readline-7.4.33-150400.4.40.1 * php7-sodium-7.4.33-150400.4.40.1 * php7-xsl-7.4.33-150400.4.40.1 * php7-bcmath-debuginfo-7.4.33-150400.4.40.1 * php7-gmp-debuginfo-7.4.33-150400.4.40.1 * php7-intl-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debuginfo-7.4.33-150400.4.40.1 * php7-ftp-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debugsource-7.4.33-150400.4.40.1 * php7-test-7.4.33-150400.4.40.1 * php7-bz2-7.4.33-150400.4.40.1 * php7-phar-7.4.33-150400.4.40.1 * php7-pdo-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-7.4.33-150400.4.40.1 * php7-pcntl-debuginfo-7.4.33-150400.4.40.1 * php7-intl-7.4.33-150400.4.40.1 * php7-ldap-7.4.33-150400.4.40.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.40.1 * php7-xmlrpc-7.4.33-150400.4.40.1 * php7-cli-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-7.4.33-150400.4.40.1 * php7-ldap-debuginfo-7.4.33-150400.4.40.1 * php7-zip-debuginfo-7.4.33-150400.4.40.1 * php7-debugsource-7.4.33-150400.4.40.1 * php7-bcmath-7.4.33-150400.4.40.1 * php7-json-7.4.33-150400.4.40.1 * php7-openssl-7.4.33-150400.4.40.1 * php7-tidy-7.4.33-150400.4.40.1 * php7-mysql-7.4.33-150400.4.40.1 * php7-xsl-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-7.4.33-150400.4.40.1 * php7-mbstring-debuginfo-7.4.33-150400.4.40.1 * php7-zlib-7.4.33-150400.4.40.1 * php7-sysvsem-7.4.33-150400.4.40.1 * php7-devel-7.4.33-150400.4.40.1 * php7-fpm-debugsource-7.4.33-150400.4.40.1 * 
php7-gd-debuginfo-7.4.33-150400.4.40.1 * php7-dom-7.4.33-150400.4.40.1 * apache2-mod_php7-7.4.33-150400.4.40.1 * php7-fastcgi-7.4.33-150400.4.40.1 * php7-mbstring-7.4.33-150400.4.40.1 * php7-ctype-7.4.33-150400.4.40.1 * php7-phar-debuginfo-7.4.33-150400.4.40.1 * php7-sockets-7.4.33-150400.4.40.1 * php7-sysvmsg-7.4.33-150400.4.40.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * apache2-mod_php7-debuginfo-7.4.33-150400.4.40.1 * php7-debuginfo-7.4.33-150400.4.40.1 * php7-dom-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-7.4.33-150400.4.40.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-7.4.33-150400.4.40.1 * php7-gd-7.4.33-150400.4.40.1 * php7-pcntl-7.4.33-150400.4.40.1 * php7-pdo-7.4.33-150400.4.40.1 * php7-json-debuginfo-7.4.33-150400.4.40.1 * php7-openssl-debuginfo-7.4.33-150400.4.40.1 * php7-sysvshm-7.4.33-150400.4.40.1 * php7-sqlite-7.4.33-150400.4.40.1 * php7-exif-debuginfo-7.4.33-150400.4.40.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.40.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.40.1 * php7-dba-7.4.33-150400.4.40.1 * php7-opcache-7.4.33-150400.4.40.1 * php7-cli-7.4.33-150400.4.40.1 * php7-ctype-debuginfo-7.4.33-150400.4.40.1 * php7-xmlwriter-7.4.33-150400.4.40.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-7.4.33-150400.4.40.1 * php7-sqlite-debuginfo-7.4.33-150400.4.40.1 * php7-embed-7.4.33-150400.4.40.1 * php7-soap-7.4.33-150400.4.40.1 * php7-sodium-debuginfo-7.4.33-150400.4.40.1 * php7-fileinfo-7.4.33-150400.4.40.1 * php7-posix-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-7.4.33-150400.4.40.1 * php7-tidy-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-debuginfo-7.4.33-150400.4.40.1 * php7-soap-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-7.4.33-150400.4.40.1 * 
php7-sysvmsg-debuginfo-7.4.33-150400.4.40.1 * php7-opcache-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debugsource-7.4.33-150400.4.40.1 * php7-calendar-debuginfo-7.4.33-150400.4.40.1 * php7-dba-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-7.4.33-150400.4.40.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-7.4.33-150400.4.40.1 * php7-mysql-debuginfo-7.4.33-150400.4.40.1 * php7-bz2-debuginfo-7.4.33-150400.4.40.1 * php7-7.4.33-150400.4.40.1 * php7-gmp-7.4.33-150400.4.40.1 * php7-posix-7.4.33-150400.4.40.1 * php7-ftp-7.4.33-150400.4.40.1 * php7-zip-7.4.33-150400.4.40.1 * php7-readline-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-debuginfo-7.4.33-150400.4.40.1 * php7-exif-7.4.33-150400.4.40.1 * php7-calendar-7.4.33-150400.4.40.1 * php7-sockets-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-7.4.33-150400.4.40.1 * php7-zlib-debuginfo-7.4.33-150400.4.40.1 * php7-readline-7.4.33-150400.4.40.1 * php7-sodium-7.4.33-150400.4.40.1 * php7-xsl-7.4.33-150400.4.40.1 * php7-bcmath-debuginfo-7.4.33-150400.4.40.1 * php7-gmp-debuginfo-7.4.33-150400.4.40.1 * php7-intl-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debuginfo-7.4.33-150400.4.40.1 * php7-ftp-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debugsource-7.4.33-150400.4.40.1 * php7-test-7.4.33-150400.4.40.1 * php7-bz2-7.4.33-150400.4.40.1 * php7-phar-7.4.33-150400.4.40.1 * php7-pdo-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-7.4.33-150400.4.40.1 * php7-pcntl-debuginfo-7.4.33-150400.4.40.1 * php7-intl-7.4.33-150400.4.40.1 * php7-ldap-7.4.33-150400.4.40.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.40.1 * php7-xmlrpc-7.4.33-150400.4.40.1 * php7-cli-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-7.4.33-150400.4.40.1 * php7-ldap-debuginfo-7.4.33-150400.4.40.1 * php7-zip-debuginfo-7.4.33-150400.4.40.1 * 
php7-debugsource-7.4.33-150400.4.40.1 * php7-bcmath-7.4.33-150400.4.40.1 * php7-json-7.4.33-150400.4.40.1 * php7-openssl-7.4.33-150400.4.40.1 * php7-tidy-7.4.33-150400.4.40.1 * php7-mysql-7.4.33-150400.4.40.1 * php7-xsl-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-7.4.33-150400.4.40.1 * php7-mbstring-debuginfo-7.4.33-150400.4.40.1 * php7-zlib-7.4.33-150400.4.40.1 * php7-sysvsem-7.4.33-150400.4.40.1 * php7-devel-7.4.33-150400.4.40.1 * php7-fpm-debugsource-7.4.33-150400.4.40.1 * php7-gd-debuginfo-7.4.33-150400.4.40.1 * php7-dom-7.4.33-150400.4.40.1 * apache2-mod_php7-7.4.33-150400.4.40.1 * php7-fastcgi-7.4.33-150400.4.40.1 * php7-mbstring-7.4.33-150400.4.40.1 * php7-ctype-7.4.33-150400.4.40.1 * php7-phar-debuginfo-7.4.33-150400.4.40.1 * php7-sockets-7.4.33-150400.4.40.1 * php7-sysvmsg-7.4.33-150400.4.40.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_php7-debuginfo-7.4.33-150400.4.40.1 * php7-debuginfo-7.4.33-150400.4.40.1 * php7-dom-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-7.4.33-150400.4.40.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-7.4.33-150400.4.40.1 * php7-gd-7.4.33-150400.4.40.1 * php7-pcntl-7.4.33-150400.4.40.1 * php7-pdo-7.4.33-150400.4.40.1 * php7-json-debuginfo-7.4.33-150400.4.40.1 * php7-openssl-debuginfo-7.4.33-150400.4.40.1 * php7-sysvshm-7.4.33-150400.4.40.1 * php7-sqlite-7.4.33-150400.4.40.1 * php7-exif-debuginfo-7.4.33-150400.4.40.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.40.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.40.1 * php7-dba-7.4.33-150400.4.40.1 * php7-opcache-7.4.33-150400.4.40.1 * php7-cli-7.4.33-150400.4.40.1 * php7-ctype-debuginfo-7.4.33-150400.4.40.1 * php7-xmlwriter-7.4.33-150400.4.40.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-7.4.33-150400.4.40.1 * php7-sqlite-debuginfo-7.4.33-150400.4.40.1 * php7-soap-7.4.33-150400.4.40.1 * 
php7-sodium-debuginfo-7.4.33-150400.4.40.1 * php7-fileinfo-7.4.33-150400.4.40.1 * php7-posix-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-7.4.33-150400.4.40.1 * php7-tidy-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-debuginfo-7.4.33-150400.4.40.1 * php7-soap-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-7.4.33-150400.4.40.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.40.1 * php7-opcache-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-debuginfo-7.4.33-150400.4.40.1 * php7-calendar-debuginfo-7.4.33-150400.4.40.1 * php7-dba-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-7.4.33-150400.4.40.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-7.4.33-150400.4.40.1 * php7-mysql-debuginfo-7.4.33-150400.4.40.1 * php7-bz2-debuginfo-7.4.33-150400.4.40.1 * php7-7.4.33-150400.4.40.1 * php7-gmp-7.4.33-150400.4.40.1 * php7-posix-7.4.33-150400.4.40.1 * php7-ftp-7.4.33-150400.4.40.1 * php7-zip-7.4.33-150400.4.40.1 * php7-readline-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-debuginfo-7.4.33-150400.4.40.1 * php7-exif-7.4.33-150400.4.40.1 * php7-calendar-7.4.33-150400.4.40.1 * php7-sockets-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-7.4.33-150400.4.40.1 * php7-zlib-debuginfo-7.4.33-150400.4.40.1 * php7-readline-7.4.33-150400.4.40.1 * php7-sodium-7.4.33-150400.4.40.1 * php7-xsl-7.4.33-150400.4.40.1 * php7-bcmath-debuginfo-7.4.33-150400.4.40.1 * php7-gmp-debuginfo-7.4.33-150400.4.40.1 * php7-intl-debuginfo-7.4.33-150400.4.40.1 * php7-ftp-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debugsource-7.4.33-150400.4.40.1 * php7-bz2-7.4.33-150400.4.40.1 * php7-phar-7.4.33-150400.4.40.1 * php7-pdo-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-7.4.33-150400.4.40.1 * php7-pcntl-debuginfo-7.4.33-150400.4.40.1 * 
php7-intl-7.4.33-150400.4.40.1 * php7-ldap-7.4.33-150400.4.40.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.40.1 * php7-xmlrpc-7.4.33-150400.4.40.1 * php7-cli-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-7.4.33-150400.4.40.1 * php7-ldap-debuginfo-7.4.33-150400.4.40.1 * php7-zip-debuginfo-7.4.33-150400.4.40.1 * php7-debugsource-7.4.33-150400.4.40.1 * php7-bcmath-7.4.33-150400.4.40.1 * php7-json-7.4.33-150400.4.40.1 * php7-openssl-7.4.33-150400.4.40.1 * php7-tidy-7.4.33-150400.4.40.1 * php7-mysql-7.4.33-150400.4.40.1 * php7-xsl-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-7.4.33-150400.4.40.1 * php7-mbstring-debuginfo-7.4.33-150400.4.40.1 * php7-zlib-7.4.33-150400.4.40.1 * php7-sysvsem-7.4.33-150400.4.40.1 * php7-devel-7.4.33-150400.4.40.1 * php7-fpm-debugsource-7.4.33-150400.4.40.1 * php7-gd-debuginfo-7.4.33-150400.4.40.1 * php7-dom-7.4.33-150400.4.40.1 * apache2-mod_php7-7.4.33-150400.4.40.1 * php7-fastcgi-7.4.33-150400.4.40.1 * php7-mbstring-7.4.33-150400.4.40.1 * php7-ctype-7.4.33-150400.4.40.1 * php7-phar-debuginfo-7.4.33-150400.4.40.1 * php7-sockets-7.4.33-150400.4.40.1 * php7-sysvmsg-7.4.33-150400.4.40.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-mod_php7-debuginfo-7.4.33-150400.4.40.1 * php7-debuginfo-7.4.33-150400.4.40.1 * php7-dom-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-7.4.33-150400.4.40.1 * php7-sysvshm-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-7.4.33-150400.4.40.1 * php7-gd-7.4.33-150400.4.40.1 * php7-pcntl-7.4.33-150400.4.40.1 * php7-pdo-7.4.33-150400.4.40.1 * php7-json-debuginfo-7.4.33-150400.4.40.1 * php7-openssl-debuginfo-7.4.33-150400.4.40.1 * php7-sysvshm-7.4.33-150400.4.40.1 * php7-sqlite-7.4.33-150400.4.40.1 * php7-exif-debuginfo-7.4.33-150400.4.40.1 * apache2-mod_php7-debugsource-7.4.33-150400.4.40.1 * php7-fileinfo-debuginfo-7.4.33-150400.4.40.1 * php7-dba-7.4.33-150400.4.40.1 * php7-opcache-7.4.33-150400.4.40.1 * php7-cli-7.4.33-150400.4.40.1 * 
php7-ctype-debuginfo-7.4.33-150400.4.40.1 * php7-xmlwriter-7.4.33-150400.4.40.1 * php7-xmlwriter-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-7.4.33-150400.4.40.1 * php7-sqlite-debuginfo-7.4.33-150400.4.40.1 * php7-soap-7.4.33-150400.4.40.1 * php7-sodium-debuginfo-7.4.33-150400.4.40.1 * php7-fileinfo-7.4.33-150400.4.40.1 * php7-posix-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-7.4.33-150400.4.40.1 * php7-tidy-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-debuginfo-7.4.33-150400.4.40.1 * php7-soap-debuginfo-7.4.33-150400.4.40.1 * php7-xmlreader-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-7.4.33-150400.4.40.1 * php7-sysvmsg-debuginfo-7.4.33-150400.4.40.1 * php7-opcache-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-debuginfo-7.4.33-150400.4.40.1 * php7-gettext-debuginfo-7.4.33-150400.4.40.1 * php7-calendar-debuginfo-7.4.33-150400.4.40.1 * php7-dba-debuginfo-7.4.33-150400.4.40.1 * php7-fpm-7.4.33-150400.4.40.1 * php7-xmlrpc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-debuginfo-7.4.33-150400.4.40.1 * php7-enchant-7.4.33-150400.4.40.1 * php7-mysql-debuginfo-7.4.33-150400.4.40.1 * php7-bz2-debuginfo-7.4.33-150400.4.40.1 * php7-7.4.33-150400.4.40.1 * php7-gmp-7.4.33-150400.4.40.1 * php7-posix-7.4.33-150400.4.40.1 * php7-ftp-7.4.33-150400.4.40.1 * php7-zip-7.4.33-150400.4.40.1 * php7-readline-debuginfo-7.4.33-150400.4.40.1 * php7-snmp-debuginfo-7.4.33-150400.4.40.1 * php7-exif-7.4.33-150400.4.40.1 * php7-calendar-7.4.33-150400.4.40.1 * php7-sockets-debuginfo-7.4.33-150400.4.40.1 * php7-iconv-debuginfo-7.4.33-150400.4.40.1 * php7-shmop-7.4.33-150400.4.40.1 * php7-zlib-debuginfo-7.4.33-150400.4.40.1 * php7-readline-7.4.33-150400.4.40.1 * php7-sodium-7.4.33-150400.4.40.1 * php7-xsl-7.4.33-150400.4.40.1 * php7-bcmath-debuginfo-7.4.33-150400.4.40.1 * php7-gmp-debuginfo-7.4.33-150400.4.40.1 * php7-intl-debuginfo-7.4.33-150400.4.40.1 * 
php7-ftp-debuginfo-7.4.33-150400.4.40.1 * php7-fastcgi-debugsource-7.4.33-150400.4.40.1 * php7-bz2-7.4.33-150400.4.40.1 * php7-phar-7.4.33-150400.4.40.1 * php7-pdo-debuginfo-7.4.33-150400.4.40.1 * php7-odbc-debuginfo-7.4.33-150400.4.40.1 * php7-curl-7.4.33-150400.4.40.1 * php7-pcntl-debuginfo-7.4.33-150400.4.40.1 * php7-intl-7.4.33-150400.4.40.1 * php7-ldap-7.4.33-150400.4.40.1 * php7-sysvsem-debuginfo-7.4.33-150400.4.40.1 * php7-xmlrpc-7.4.33-150400.4.40.1 * php7-cli-debuginfo-7.4.33-150400.4.40.1 * php7-tokenizer-7.4.33-150400.4.40.1 * php7-ldap-debuginfo-7.4.33-150400.4.40.1 * php7-zip-debuginfo-7.4.33-150400.4.40.1 * php7-debugsource-7.4.33-150400.4.40.1 * php7-bcmath-7.4.33-150400.4.40.1 * php7-json-7.4.33-150400.4.40.1 * php7-openssl-7.4.33-150400.4.40.1 * php7-tidy-7.4.33-150400.4.40.1 * php7-mysql-7.4.33-150400.4.40.1 * php7-xsl-debuginfo-7.4.33-150400.4.40.1 * php7-pgsql-7.4.33-150400.4.40.1 * php7-mbstring-debuginfo-7.4.33-150400.4.40.1 * php7-zlib-7.4.33-150400.4.40.1 * php7-sysvsem-7.4.33-150400.4.40.1 * php7-devel-7.4.33-150400.4.40.1 * php7-fpm-debugsource-7.4.33-150400.4.40.1 * php7-gd-debuginfo-7.4.33-150400.4.40.1 * php7-dom-7.4.33-150400.4.40.1 * apache2-mod_php7-7.4.33-150400.4.40.1 * php7-fastcgi-7.4.33-150400.4.40.1 * php7-mbstring-7.4.33-150400.4.40.1 * php7-ctype-7.4.33-150400.4.40.1 * php7-phar-debuginfo-7.4.33-150400.4.40.1 * php7-sockets-7.4.33-150400.4.40.1 * php7-sysvmsg-7.4.33-150400.4.40.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * php7-embed-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debugsource-7.4.33-150400.4.40.1 * php7-embed-7.4.33-150400.4.40.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * php7-embed-debuginfo-7.4.33-150400.4.40.1 * php7-embed-debugsource-7.4.33-150400.4.40.1 * php7-embed-7.4.33-150400.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2024-8925.html * https://www.suse.com/security/cve/CVE-2024-8927.html * https://www.suse.com/security/cve/CVE-2024-9026.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1231358
* https://bugzilla.suse.com/show_bug.cgi?id=1231360
* https://bugzilla.suse.com/show_bug.cgi?id=1231382

From null at suse.de Fri Oct 18 16:30:16 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 16:30:16 -0000
Subject: SUSE-SU-2024:3732-1: moderate: Security update for php74
Message-ID: <172926901611.6514.1831483980070723481@smelt2.prg2.suse.org>

# Security update for php74

Announcement ID: SUSE-SU-2024:3732-1
Release Date: 2024-10-18T14:47:16Z
Rating: moderate

References:

* bsc#1231358
* bsc#1231360
* bsc#1231382

Cross-References:

* CVE-2024-8925
* CVE-2024-8927
* CVE-2024-9026

CVSS scores:

* CVE-2024-8925 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8925 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8927 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-9026 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9026 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* Web and Scripting Module 12

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php74 fixes the following issues:

* CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360)
* CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358)
* CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2024-3732=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3732=1

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * php74-mysql-7.4.33-1.71.1
  * php74-pdo-7.4.33-1.71.1
  * php74-enchant-debuginfo-7.4.33-1.71.1
  * php74-pdo-debuginfo-7.4.33-1.71.1
  * php74-pcntl-7.4.33-1.71.1
  * php74-tidy-debuginfo-7.4.33-1.71.1
  * php74-intl-7.4.33-1.71.1
  * php74-zlib-7.4.33-1.71.1
  * php74-sysvmsg-7.4.33-1.71.1
  * php74-sqlite-debuginfo-7.4.33-1.71.1
  * php74-shmop-debuginfo-7.4.33-1.71.1
  * php74-sysvsem-7.4.33-1.71.1
  * php74-calendar-debuginfo-7.4.33-1.71.1
  * php74-odbc-debuginfo-7.4.33-1.71.1
  * php74-opcache-7.4.33-1.71.1
  * php74-xmlrpc-7.4.33-1.71.1
  * php74-dom-7.4.33-1.71.1
  * php74-fastcgi-7.4.33-1.71.1
  * php74-curl-debuginfo-7.4.33-1.71.1
  * php74-readline-7.4.33-1.71.1
  * php74-fileinfo-7.4.33-1.71.1
  * php74-gd-debuginfo-7.4.33-1.71.1
  * php74-openssl-debuginfo-7.4.33-1.71.1
  * php74-sockets-7.4.33-1.71.1
  * php74-7.4.33-1.71.1
  * apache2-mod_php74-7.4.33-1.71.1
  * php74-phar-7.4.33-1.71.1
  * php74-gmp-debuginfo-7.4.33-1.71.1
  * php74-sodium-debuginfo-7.4.33-1.71.1
  * php74-opcache-debuginfo-7.4.33-1.71.1
  * php74-enchant-7.4.33-1.71.1
  * php74-intl-debuginfo-7.4.33-1.71.1
  * php74-zip-debuginfo-7.4.33-1.71.1
  * php74-bz2-debuginfo-7.4.33-1.71.1
  * php74-xsl-7.4.33-1.71.1
  * php74-soap-7.4.33-1.71.1
  * php74-ldap-7.4.33-1.71.1
  * php74-xmlrpc-debuginfo-7.4.33-1.71.1
  * php74-xmlreader-debuginfo-7.4.33-1.71.1
  * php74-gmp-7.4.33-1.71.1
  * php74-xmlwriter-7.4.33-1.71.1
  * php74-sysvmsg-debuginfo-7.4.33-1.71.1
  * php74-dba-7.4.33-1.71.1
  * php74-tokenizer-7.4.33-1.71.1
  * php74-posix-debuginfo-7.4.33-1.71.1
  * php74-gettext-debuginfo-7.4.33-1.71.1
  * php74-readline-debuginfo-7.4.33-1.71.1
  * php74-sockets-debuginfo-7.4.33-1.71.1
  * php74-pgsql-debuginfo-7.4.33-1.71.1
  * php74-gd-7.4.33-1.71.1
  * php74-ftp-7.4.33-1.71.1
  * php74-debugsource-7.4.33-1.71.1
  * php74-json-debuginfo-7.4.33-1.71.1
  * php74-json-7.4.33-1.71.1
  * php74-openssl-7.4.33-1.71.1
  * php74-bcmath-7.4.33-1.71.1
  * php74-mbstring-debuginfo-7.4.33-1.71.1
  * php74-shmop-7.4.33-1.71.1
  * php74-soap-debuginfo-7.4.33-1.71.1
  * php74-odbc-7.4.33-1.71.1
  * php74-ftp-debuginfo-7.4.33-1.71.1
  * php74-xmlreader-7.4.33-1.71.1
  * php74-sqlite-7.4.33-1.71.1
  * php74-dom-debuginfo-7.4.33-1.71.1
  * php74-sysvsem-debuginfo-7.4.33-1.71.1
  * php74-bz2-7.4.33-1.71.1
  * php74-iconv-debuginfo-7.4.33-1.71.1
  * php74-calendar-7.4.33-1.71.1
  * php74-fpm-debuginfo-7.4.33-1.71.1
  * php74-zip-7.4.33-1.71.1
  * php74-tokenizer-debuginfo-7.4.33-1.71.1
  * php74-sysvshm-7.4.33-1.71.1
  * php74-posix-7.4.33-1.71.1
  * php74-exif-debuginfo-7.4.33-1.71.1
  * php74-snmp-7.4.33-1.71.1
  * php74-debuginfo-7.4.33-1.71.1
  * php74-iconv-7.4.33-1.71.1
  * php74-tidy-7.4.33-1.71.1
  * php74-ctype-debuginfo-7.4.33-1.71.1
  * php74-gettext-7.4.33-1.71.1
  * php74-sodium-7.4.33-1.71.1
  * php74-fastcgi-debuginfo-7.4.33-1.71.1
  * php74-zlib-debuginfo-7.4.33-1.71.1
  * php74-mysql-debuginfo-7.4.33-1.71.1
  * php74-dba-debuginfo-7.4.33-1.71.1
  * php74-phar-debuginfo-7.4.33-1.71.1
  * php74-bcmath-debuginfo-7.4.33-1.71.1
  * php74-xsl-debuginfo-7.4.33-1.71.1
  * php74-snmp-debuginfo-7.4.33-1.71.1
  * php74-fpm-7.4.33-1.71.1
  * php74-ldap-debuginfo-7.4.33-1.71.1
  * php74-mbstring-7.4.33-1.71.1
  * php74-curl-7.4.33-1.71.1
  * php74-ctype-7.4.33-1.71.1
  * php74-pcntl-debuginfo-7.4.33-1.71.1
  * php74-pgsql-7.4.33-1.71.1
  * apache2-mod_php74-debuginfo-7.4.33-1.71.1
  * php74-exif-7.4.33-1.71.1
  * php74-xmlwriter-debuginfo-7.4.33-1.71.1
  * php74-fileinfo-debuginfo-7.4.33-1.71.1
  * php74-sysvshm-debuginfo-7.4.33-1.71.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * php74-debugsource-7.4.33-1.71.1
  * php74-devel-7.4.33-1.71.1
  * php74-debuginfo-7.4.33-1.71.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8925.html
* https://www.suse.com/security/cve/CVE-2024-8927.html
* https://www.suse.com/security/cve/CVE-2024-9026.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231358
* https://bugzilla.suse.com/show_bug.cgi?id=1231360
* https://bugzilla.suse.com/show_bug.cgi?id=1231382

From null at suse.de Fri Oct 18 16:30:19 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 16:30:19 -0000
Subject: SUSE-SU-2024:3731-1: important: Security update for MozillaThunderbird
Message-ID: <172926901936.6514.13397039733306111104@smelt2.prg2.suse.org>

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2024:3731-1
Release Date: 2024-10-18T14:29:54Z
Rating: important

References:

* bsc#1231413

Cross-References:

* CVE-2024-9680

CVSS scores:

* CVE-2024-9680 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9680 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9680 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.
## Description:

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-52, bsc#1231413):

* CVE-2024-9680: Fixed use-after-free in Animation timeline (bmo#1923344)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3731=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3731=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3731=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3731=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3731=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3731=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3731=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * MozillaThunderbird-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-other-128.3.1-150200.8.185.1
  * MozillaThunderbird-debugsource-128.3.1-150200.8.185.1
  * MozillaThunderbird-translations-common-128.3.1-150200.8.185.1
  * MozillaThunderbird-debuginfo-128.3.1-150200.8.185.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9680.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231413

From null at suse.de Fri Oct 18 16:30:26 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 16:30:26 -0000
Subject: SUSE-SU-2024:3729-1: moderate: Security update for php8
Message-ID: <172926902670.6514.13753198544024763411@smelt2.prg2.suse.org>

# Security update for php8

Announcement ID: SUSE-SU-2024:3729-1
Release Date: 2024-10-18T13:23:01Z
Rating: moderate

References:

* bsc#1231358
* bsc#1231360
* bsc#1231382

Cross-References:

* CVE-2024-8925
* CVE-2024-8927
* CVE-2024-9026

CVSS scores:

* CVE-2024-8925 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8925 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8925 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8927 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-9026 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9026 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9026 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Web and Scripting Module 15-SP6

An update that solves three vulnerabilities can now be installed.
## Description:

This update for php8 fixes the following issues:

Update to php 8.2.24:

* CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360)
* CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358)
* CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2024-3729=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3729=1 openSUSE-SLE-15.6-2024-3729=1

## Package List:

* Web and Scripting Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * php8-pgsql-debuginfo-8.2.24-150600.3.6.1
  * php8-opcache-8.2.24-150600.3.6.1
  * php8-ldap-8.2.24-150600.3.6.1
  * php8-fpm-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvshm-debuginfo-8.2.24-150600.3.6.1
  * php8-tidy-8.2.24-150600.3.6.1
  * php8-iconv-8.2.24-150600.3.6.1
  * php8-fpm-debugsource-8.2.24-150600.3.6.1
  * php8-tokenizer-debuginfo-8.2.24-150600.3.6.1
  * php8-embed-8.2.24-150600.3.6.1
  * php8-odbc-8.2.24-150600.3.6.1
  * php8-readline-debuginfo-8.2.24-150600.3.6.1
  * php8-dom-debuginfo-8.2.24-150600.3.6.1
  * php8-zip-8.2.24-150600.3.6.1
  * php8-devel-8.2.24-150600.3.6.1
  * php8-sqlite-8.2.24-150600.3.6.1
  * php8-embed-debuginfo-8.2.24-150600.3.6.1
  * php8-gettext-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvsem-debuginfo-8.2.24-150600.3.6.1
  * php8-fpm-8.2.24-150600.3.6.1
  * php8-pdo-8.2.24-150600.3.6.1
  * php8-sysvsem-8.2.24-150600.3.6.1
  * php8-snmp-8.2.24-150600.3.6.1
  * apache2-mod_php8-debuginfo-8.2.24-150600.3.6.1
  * php8-sqlite-debuginfo-8.2.24-150600.3.6.1
  * php8-cli-8.2.24-150600.3.6.1
  * php8-gmp-debuginfo-8.2.24-150600.3.6.1
  * php8-enchant-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvshm-8.2.24-150600.3.6.1
  * php8-sodium-debuginfo-8.2.24-150600.3.6.1
  * php8-bcmath-8.2.24-150600.3.6.1
  * php8-mysql-debuginfo-8.2.24-150600.3.6.1
  * php8-zlib-8.2.24-150600.3.6.1
  * php8-posix-debuginfo-8.2.24-150600.3.6.1
  * php8-pcntl-8.2.24-150600.3.6.1
  * php8-xmlreader-debuginfo-8.2.24-150600.3.6.1
  * php8-shmop-debuginfo-8.2.24-150600.3.6.1
  * php8-soap-debuginfo-8.2.24-150600.3.6.1
  * php8-tidy-debuginfo-8.2.24-150600.3.6.1
  * php8-enchant-8.2.24-150600.3.6.1
  * php8-mbstring-8.2.24-150600.3.6.1
  * php8-sysvmsg-debuginfo-8.2.24-150600.3.6.1
  * php8-intl-debuginfo-8.2.24-150600.3.6.1
  * php8-dba-8.2.24-150600.3.6.1
  * php8-curl-8.2.24-150600.3.6.1
  * php8-fileinfo-8.2.24-150600.3.6.1
  * php8-ctype-8.2.24-150600.3.6.1
  * php8-8.2.24-150600.3.6.1
  * php8-ldap-debuginfo-8.2.24-150600.3.6.1
  * php8-sockets-8.2.24-150600.3.6.1
  * php8-soap-8.2.24-150600.3.6.1
  * php8-readline-8.2.24-150600.3.6.1
  * php8-pgsql-8.2.24-150600.3.6.1
  * php8-ftp-8.2.24-150600.3.6.1
  * php8-sodium-8.2.24-150600.3.6.1
  * php8-exif-debuginfo-8.2.24-150600.3.6.1
  * php8-xmlwriter-debuginfo-8.2.24-150600.3.6.1
  * php8-xmlwriter-8.2.24-150600.3.6.1
  * php8-curl-debuginfo-8.2.24-150600.3.6.1
  * php8-gmp-8.2.24-150600.3.6.1
  * php8-zip-debuginfo-8.2.24-150600.3.6.1
  * php8-calendar-debuginfo-8.2.24-150600.3.6.1
  * php8-debugsource-8.2.24-150600.3.6.1
  * php8-bz2-8.2.24-150600.3.6.1
  * php8-shmop-8.2.24-150600.3.6.1
  * php8-gd-8.2.24-150600.3.6.1
  * php8-mysql-8.2.24-150600.3.6.1
  * php8-opcache-debuginfo-8.2.24-150600.3.6.1
  * php8-xmlreader-8.2.24-150600.3.6.1
  * php8-xsl-8.2.24-150600.3.6.1
  * php8-odbc-debuginfo-8.2.24-150600.3.6.1
  * php8-debuginfo-8.2.24-150600.3.6.1
  * php8-bz2-debuginfo-8.2.24-150600.3.6.1
  * php8-fastcgi-debuginfo-8.2.24-150600.3.6.1
  * php8-bcmath-debuginfo-8.2.24-150600.3.6.1
  * php8-test-8.2.24-150600.3.6.1
  * php8-embed-debugsource-8.2.24-150600.3.6.1
  * php8-gd-debuginfo-8.2.24-150600.3.6.1
  * php8-snmp-debuginfo-8.2.24-150600.3.6.1
  * php8-xsl-debuginfo-8.2.24-150600.3.6.1
  * php8-phar-debuginfo-8.2.24-150600.3.6.1
  * apache2-mod_php8-8.2.24-150600.3.6.1
  * php8-fastcgi-debugsource-8.2.24-150600.3.6.1
  * php8-iconv-debuginfo-8.2.24-150600.3.6.1
  * php8-cli-debuginfo-8.2.24-150600.3.6.1
  * php8-ftp-debuginfo-8.2.24-150600.3.6.1
  * php8-openssl-8.2.24-150600.3.6.1
  * php8-fileinfo-debuginfo-8.2.24-150600.3.6.1
  * php8-sockets-debuginfo-8.2.24-150600.3.6.1
  * php8-dom-8.2.24-150600.3.6.1
  * php8-phar-8.2.24-150600.3.6.1
  * php8-pcntl-debuginfo-8.2.24-150600.3.6.1
  * php8-exif-8.2.24-150600.3.6.1
  * php8-ctype-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvmsg-8.2.24-150600.3.6.1
  * php8-openssl-debuginfo-8.2.24-150600.3.6.1
  * php8-mbstring-debuginfo-8.2.24-150600.3.6.1
  * php8-gettext-8.2.24-150600.3.6.1
  * php8-intl-8.2.24-150600.3.6.1
  * php8-zlib-debuginfo-8.2.24-150600.3.6.1
  * php8-dba-debuginfo-8.2.24-150600.3.6.1
  * php8-tokenizer-8.2.24-150600.3.6.1
  * php8-calendar-8.2.24-150600.3.6.1
  * apache2-mod_php8-debugsource-8.2.24-150600.3.6.1
  * php8-posix-8.2.24-150600.3.6.1
  * php8-pdo-debuginfo-8.2.24-150600.3.6.1
  * php8-fastcgi-8.2.24-150600.3.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * php8-pgsql-debuginfo-8.2.24-150600.3.6.1
  * php8-ffi-8.2.24-150600.3.6.1
  * php8-opcache-8.2.24-150600.3.6.1
  * php8-ldap-8.2.24-150600.3.6.1
  * php8-fpm-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvshm-debuginfo-8.2.24-150600.3.6.1
  * php8-tidy-8.2.24-150600.3.6.1
  * php8-iconv-8.2.24-150600.3.6.1
  * php8-fpm-debugsource-8.2.24-150600.3.6.1
  * php8-tokenizer-debuginfo-8.2.24-150600.3.6.1
  * php8-odbc-8.2.24-150600.3.6.1
  * php8-embed-8.2.24-150600.3.6.1
  * php8-readline-debuginfo-8.2.24-150600.3.6.1
  * php8-dom-debuginfo-8.2.24-150600.3.6.1
  * php8-zip-8.2.24-150600.3.6.1
  * php8-devel-8.2.24-150600.3.6.1
  * php8-sqlite-8.2.24-150600.3.6.1
  * php8-embed-debuginfo-8.2.24-150600.3.6.1
  * php8-gettext-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvsem-debuginfo-8.2.24-150600.3.6.1
  * php8-fpm-8.2.24-150600.3.6.1
  * php8-pdo-8.2.24-150600.3.6.1
  * php8-sysvsem-8.2.24-150600.3.6.1
  * php8-snmp-8.2.24-150600.3.6.1
  * apache2-mod_php8-debuginfo-8.2.24-150600.3.6.1
  * php8-sqlite-debuginfo-8.2.24-150600.3.6.1
  * php8-cli-8.2.24-150600.3.6.1
  * php8-gmp-debuginfo-8.2.24-150600.3.6.1
  * php8-enchant-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvshm-8.2.24-150600.3.6.1
  * php8-sodium-debuginfo-8.2.24-150600.3.6.1
  * php8-bcmath-8.2.24-150600.3.6.1
  * php8-mysql-debuginfo-8.2.24-150600.3.6.1
  * php8-zlib-8.2.24-150600.3.6.1
  * php8-posix-debuginfo-8.2.24-150600.3.6.1
  * php8-pcntl-8.2.24-150600.3.6.1
  * php8-xmlreader-debuginfo-8.2.24-150600.3.6.1
  * php8-shmop-debuginfo-8.2.24-150600.3.6.1
  * php8-soap-debuginfo-8.2.24-150600.3.6.1
  * php8-tidy-debuginfo-8.2.24-150600.3.6.1
  * php8-enchant-8.2.24-150600.3.6.1
  * php8-mbstring-8.2.24-150600.3.6.1
  * php8-sysvmsg-debuginfo-8.2.24-150600.3.6.1
  * php8-intl-debuginfo-8.2.24-150600.3.6.1
  * php8-dba-8.2.24-150600.3.6.1
  * php8-curl-8.2.24-150600.3.6.1
  * php8-fileinfo-8.2.24-150600.3.6.1
  * php8-ctype-8.2.24-150600.3.6.1
  * php8-8.2.24-150600.3.6.1
  * php8-ldap-debuginfo-8.2.24-150600.3.6.1
  * php8-sockets-8.2.24-150600.3.6.1
  * php8-soap-8.2.24-150600.3.6.1
  * php8-readline-8.2.24-150600.3.6.1
  * php8-pgsql-8.2.24-150600.3.6.1
  * php8-ftp-8.2.24-150600.3.6.1
  * php8-sodium-8.2.24-150600.3.6.1
  * php8-exif-debuginfo-8.2.24-150600.3.6.1
  * php8-xmlwriter-debuginfo-8.2.24-150600.3.6.1
  * php8-xmlwriter-8.2.24-150600.3.6.1
  * php8-curl-debuginfo-8.2.24-150600.3.6.1
  * php8-gmp-8.2.24-150600.3.6.1
  * php8-zip-debuginfo-8.2.24-150600.3.6.1
  * php8-calendar-debuginfo-8.2.24-150600.3.6.1
  * php8-debugsource-8.2.24-150600.3.6.1
  * php8-bz2-8.2.24-150600.3.6.1
  * php8-shmop-8.2.24-150600.3.6.1
  * php8-gd-8.2.24-150600.3.6.1
  * php8-mysql-8.2.24-150600.3.6.1
  * php8-opcache-debuginfo-8.2.24-150600.3.6.1
  * php8-xmlreader-8.2.24-150600.3.6.1
  * php8-xsl-8.2.24-150600.3.6.1
  * php8-odbc-debuginfo-8.2.24-150600.3.6.1
  * php8-debuginfo-8.2.24-150600.3.6.1
  * php8-bz2-debuginfo-8.2.24-150600.3.6.1
  * php8-fastcgi-debuginfo-8.2.24-150600.3.6.1
  * php8-bcmath-debuginfo-8.2.24-150600.3.6.1
  * php8-test-8.2.24-150600.3.6.1
  * php8-ffi-debuginfo-8.2.24-150600.3.6.1
  * php8-embed-debugsource-8.2.24-150600.3.6.1
  * php8-gd-debuginfo-8.2.24-150600.3.6.1
  * php8-snmp-debuginfo-8.2.24-150600.3.6.1
  * php8-xsl-debuginfo-8.2.24-150600.3.6.1
  * php8-phar-debuginfo-8.2.24-150600.3.6.1
  * apache2-mod_php8-8.2.24-150600.3.6.1
  * php8-iconv-debuginfo-8.2.24-150600.3.6.1
  * php8-fastcgi-debugsource-8.2.24-150600.3.6.1
  * php8-cli-debuginfo-8.2.24-150600.3.6.1
  * php8-ftp-debuginfo-8.2.24-150600.3.6.1
  * php8-openssl-8.2.24-150600.3.6.1
  * php8-fileinfo-debuginfo-8.2.24-150600.3.6.1
  * php8-sockets-debuginfo-8.2.24-150600.3.6.1
  * php8-dom-8.2.24-150600.3.6.1
  * php8-phar-8.2.24-150600.3.6.1
  * php8-pcntl-debuginfo-8.2.24-150600.3.6.1
  * php8-exif-8.2.24-150600.3.6.1
  * php8-ctype-debuginfo-8.2.24-150600.3.6.1
  * php8-sysvmsg-8.2.24-150600.3.6.1
  * php8-openssl-debuginfo-8.2.24-150600.3.6.1
  * php8-mbstring-debuginfo-8.2.24-150600.3.6.1
  * php8-gettext-8.2.24-150600.3.6.1
  * php8-intl-8.2.24-150600.3.6.1
  * php8-zlib-debuginfo-8.2.24-150600.3.6.1
  * php8-dba-debuginfo-8.2.24-150600.3.6.1
  * php8-tokenizer-8.2.24-150600.3.6.1
  * php8-calendar-8.2.24-150600.3.6.1
  * php8-posix-8.2.24-150600.3.6.1
  * apache2-mod_php8-debugsource-8.2.24-150600.3.6.1
  * php8-pdo-debuginfo-8.2.24-150600.3.6.1
  * php8-fastcgi-8.2.24-150600.3.6.1
* openSUSE Leap 15.6 (noarch)
  * php8-fpm-apache-8.2.24-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-8925.html
* https://www.suse.com/security/cve/CVE-2024-8927.html
* https://www.suse.com/security/cve/CVE-2024-9026.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231358
* https://bugzilla.suse.com/show_bug.cgi?id=1231360
* https://bugzilla.suse.com/show_bug.cgi?id=1231382

From null at suse.de Fri Oct 18 16:30:29 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 18 Oct 2024 16:30:29 -0000
Subject: SUSE-SU-2024:3728-1: moderate: Security update for buildah
Message-ID: <172926902905.6514.6095370924059963191@smelt2.prg2.suse.org>

# Security update for buildah

Announcement ID: SUSE-SU-2024:3728-1
Release Date: 2024-10-18T13:15:57Z
Rating: moderate

References:

* bsc#1231499

Cross-References:

* CVE-2024-9675

CVSS scores:

* CVE-2024-9675 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2024-9675 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-9675 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2024-9675: Fixed arbitrary cache directory mount (bsc#1231499)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3728=1 openSUSE-SLE-15.5-2024-3728=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3728=1
* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3728=1
* Containers Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3728=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.4-150500.3.16.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.16.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.16.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9675.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231499

From null at suse.de Mon Oct 21 16:30:04 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 21 Oct 2024 16:30:04 -0000
Subject: SUSE-SU-2024:3742-1: important: Security update for apache2
Message-ID: <172952820402.7152.11533557719979213551@smelt2.prg2.suse.org>

# Security update for apache2

Announcement ID: SUSE-SU-2024:3742-1
Release Date: 2024-10-21T13:58:41Z
Rating: important

References:

* bsc#1228097

Cross-References:

* CVE-2024-40725

CVSS scores:

* CVE-2024-40725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.
## Description: This update for apache2 fixes the following issues: * CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3742=1 openSUSE-SLE-15.6-2024-3742=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3742=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3742=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3742=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * apache2-worker-2.4.58-150600.5.26.1 * apache2-devel-2.4.58-150600.5.26.1 * apache2-debuginfo-2.4.58-150600.5.26.1 * apache2-2.4.58-150600.5.26.1 * apache2-prefork-2.4.58-150600.5.26.1 * apache2-prefork-debugsource-2.4.58-150600.5.26.1 * apache2-utils-2.4.58-150600.5.26.1 * apache2-utils-debuginfo-2.4.58-150600.5.26.1 * apache2-utils-debugsource-2.4.58-150600.5.26.1 * apache2-worker-debuginfo-2.4.58-150600.5.26.1 * apache2-event-debugsource-2.4.58-150600.5.26.1 * apache2-debugsource-2.4.58-150600.5.26.1 * apache2-event-2.4.58-150600.5.26.1 * apache2-worker-debugsource-2.4.58-150600.5.26.1 * apache2-prefork-debuginfo-2.4.58-150600.5.26.1 * apache2-event-debuginfo-2.4.58-150600.5.26.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.58-150600.5.26.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-debuginfo-2.4.58-150600.5.26.1 * apache2-2.4.58-150600.5.26.1 * apache2-prefork-2.4.58-150600.5.26.1 * apache2-prefork-debugsource-2.4.58-150600.5.26.1 * apache2-debugsource-2.4.58-150600.5.26.1 * apache2-prefork-debuginfo-2.4.58-150600.5.26.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-debuginfo-2.4.58-150600.5.26.1 * 
apache2-event-debugsource-2.4.58-150600.5.26.1 * apache2-debugsource-2.4.58-150600.5.26.1 * apache2-event-2.4.58-150600.5.26.1 * apache2-event-debuginfo-2.4.58-150600.5.26.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.58-150600.5.26.1 * apache2-devel-2.4.58-150600.5.26.1 * apache2-utils-2.4.58-150600.5.26.1 * apache2-utils-debugsource-2.4.58-150600.5.26.1 * apache2-utils-debuginfo-2.4.58-150600.5.26.1 * apache2-worker-debuginfo-2.4.58-150600.5.26.1 * apache2-worker-debugsource-2.4.58-150600.5.26.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40725.html * https://bugzilla.suse.com/show_bug.cgi?id=1228097
From null at suse.de Mon Oct 21 16:30:10 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 21 Oct 2024 16:30:10 -0000 Subject: SUSE-SU-2024:3741-1: moderate: Security update for podman Message-ID: <172952821006.7152.11188539212931598409@smelt2.prg2.suse.org> # Security update for podman Announcement ID: SUSE-SU-2024:3741-1 Release Date: 2024-10-21T12:33:47Z Rating: moderate References: * bsc#1214612 * bsc#1231208 * bsc#1231499 Cross-References: * CVE-2024-9407 * CVE-2024-9675 CVSS scores: * CVE-2024-9407 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-9407 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2024-9407 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N * CVE-2024-9675 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2024-9675 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-9675 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * Containers Module 15-SP5 * Containers Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * openSUSE Leap Micro 5.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise 
Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2024-9675: Fixed cache arbitrary directory mount (bsc#1231499). * CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208). The following non-security bug was fixed: * rootless ipv6 containers can't be started (bsc#1214612). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3741=1 SUSE-2024-3741=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3741=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3741=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-3741=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3741=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3741=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * podmansh-4.9.5-150500.3.25.1 * podman-debuginfo-4.9.5-150500.3.25.1 * podman-4.9.5-150500.3.25.1 * podman-remote-4.9.5-150500.3.25.1 * podman-remote-debuginfo-4.9.5-150500.3.25.1 * openSUSE Leap 15.5 (noarch) * podman-docker-4.9.5-150500.3.25.1 * openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64) * podmansh-4.9.5-150500.3.25.1 * podman-debuginfo-4.9.5-150500.3.25.1 * podman-4.9.5-150500.3.25.1 * podman-remote-4.9.5-150500.3.25.1 * podman-remote-debuginfo-4.9.5-150500.3.25.1 * openSUSE Leap Micro 
5.5 (noarch) * podman-docker-4.9.5-150500.3.25.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * podmansh-4.9.5-150500.3.25.1 * podman-debuginfo-4.9.5-150500.3.25.1 * podman-4.9.5-150500.3.25.1 * podman-remote-4.9.5-150500.3.25.1 * podman-remote-debuginfo-4.9.5-150500.3.25.1 * openSUSE Leap 15.6 (noarch) * podman-docker-4.9.5-150500.3.25.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * podmansh-4.9.5-150500.3.25.1 * podman-debuginfo-4.9.5-150500.3.25.1 * podman-4.9.5-150500.3.25.1 * podman-remote-4.9.5-150500.3.25.1 * podman-remote-debuginfo-4.9.5-150500.3.25.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * podman-docker-4.9.5-150500.3.25.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * podmansh-4.9.5-150500.3.25.1 * podman-debuginfo-4.9.5-150500.3.25.1 * podman-4.9.5-150500.3.25.1 * podman-remote-4.9.5-150500.3.25.1 * podman-remote-debuginfo-4.9.5-150500.3.25.1 * Containers Module 15-SP5 (noarch) * podman-docker-4.9.5-150500.3.25.1 * Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64) * podmansh-4.9.5-150500.3.25.1 * podman-debuginfo-4.9.5-150500.3.25.1 * podman-4.9.5-150500.3.25.1 * podman-remote-4.9.5-150500.3.25.1 * podman-remote-debuginfo-4.9.5-150500.3.25.1 * Containers Module 15-SP6 (noarch) * podman-docker-4.9.5-150500.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2024-9407.html * https://www.suse.com/security/cve/CVE-2024-9675.html * https://bugzilla.suse.com/show_bug.cgi?id=1214612 * https://bugzilla.suse.com/show_bug.cgi?id=1231208 * https://bugzilla.suse.com/show_bug.cgi?id=1231499
From null at suse.de Tue Oct 22 16:30:04 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 22 Oct 2024 16:30:04 -0000 Subject: SUSE-SU-2024:3747-1: important: Security update for protobuf Message-ID: <172961460430.7152.7270265106189267483@smelt2.prg2.suse.org> # Security update for protobuf Announcement ID: SUSE-SU-2024:3747-1 Release Date: 2024-10-22T13:42:06Z Rating: important References: * bsc#1230778 Cross-References: * CVE-2024-7254 CVSS scores: * CVE-2024-7254 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-7254 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.5 * Public Cloud Module 15-SP5 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for protobuf fixes the following issues: * CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3747=1 openSUSE-SLE-15.5-2024-3747=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3747=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-3747=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-3747=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-3747=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-3747=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-3747=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3747=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3747=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3747=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-3747=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3747=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libprotobuf25_1_0-25.1-150500.12.5.1 * libprotoc25_1_0-debuginfo-25.1-150500.12.5.1 * python311-protobuf-4.25.1-150500.12.5.1 * libprotobuf25_1_0-debuginfo-25.1-150500.12.5.1 * protobuf-devel-debuginfo-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * protobuf-debugsource-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150500.12.5.1 * libprotoc25_1_0-25.1-150500.12.5.1 * protobuf-devel-25.1-150500.12.5.1 * protobuf-java-25.1-150500.12.5.1 * openSUSE Leap 15.5 (x86_64) * libprotoc25_1_0-32bit-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-32bit-debuginfo-25.1-150500.12.5.1 * libprotobuf25_1_0-32bit-25.1-150500.12.5.1 * 
libprotobuf25_1_0-32bit-debuginfo-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-32bit-25.1-150500.12.5.1 * libprotoc25_1_0-32bit-debuginfo-25.1-150500.12.5.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libprotoc25_1_0-64bit-debuginfo-25.1-150500.12.5.1 * libprotobuf25_1_0-64bit-25.1-150500.12.5.1 * libprotoc25_1_0-64bit-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-64bit-debuginfo-25.1-150500.12.5.1 * libprotobuf25_1_0-64bit-debuginfo-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-64bit-25.1-150500.12.5.1 * openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64) * libprotobuf-lite25_1_0-debuginfo-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * openSUSE Leap Micro 5.5 (aarch64 s390x x86_64) * protobuf-debugsource-25.1-150500.12.5.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * protobuf-debugsource-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprotobuf25_1_0-25.1-150500.12.5.1 * libprotoc25_1_0-debuginfo-25.1-150500.12.5.1 * libprotobuf25_1_0-debuginfo-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-25.1-150500.12.5.1 * protobuf-debugsource-25.1-150500.12.5.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150500.12.5.1 * libprotoc25_1_0-25.1-150500.12.5.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprotoc25_1_0-debuginfo-25.1-150500.12.5.1 * protobuf-devel-debuginfo-25.1-150500.12.5.1 * protobuf-debugsource-25.1-150500.12.5.1 * 
libprotoc25_1_0-25.1-150500.12.5.1 * protobuf-devel-25.1-150500.12.5.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * protobuf-debugsource-25.1-150500.12.5.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprotoc25_1_0-debuginfo-25.1-150500.12.5.1 * protobuf-debugsource-25.1-150500.12.5.1 * libprotoc25_1_0-25.1-150500.12.5.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-protobuf-4.25.1-150500.12.5.1 ## References: * https://www.suse.com/security/cve/CVE-2024-7254.html * https://bugzilla.suse.com/show_bug.cgi?id=1230778
From null at suse.de Tue Oct 22 16:30:07 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 22 Oct 2024 16:30:07 -0000 Subject: SUSE-SU-2024:3746-1: important: Security update for protobuf Message-ID: <172961460793.7152.2919698017433164764@smelt2.prg2.suse.org> # Security update for protobuf Announcement ID: SUSE-SU-2024:3746-1 Release Date: 2024-10-22T13:40:56Z Rating: important References: * bsc#1230778 Cross-References: * CVE-2024-7254 CVSS scores: * CVE-2024-7254 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-7254 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for protobuf fixes the following issues: * CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3746=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3746=1 SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3746=1 SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3746=1 SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-3746=1 SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3746=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-3746=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-3746=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-3746=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-3746=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3746=1 * SUSE Linux 
Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3746=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3746=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3746=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3746=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * protobuf-java-25.1-150400.9.10.1 * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * python311-protobuf-4.25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * protobuf-devel-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * protobuf-devel-debuginfo-25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * openSUSE Leap 15.4 (x86_64) * libprotobuf-lite25_1_0-32bit-25.1-150400.9.10.1 * libprotoc25_1_0-32bit-25.1-150400.9.10.1 * libprotoc25_1_0-32bit-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-32bit-25.1-150400.9.10.1 * libprotobuf25_1_0-32bit-debuginfo-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-32bit-debuginfo-25.1-150400.9.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libprotobuf25_1_0-64bit-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-64bit-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-64bit-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-64bit-debuginfo-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-64bit-25.1-150400.9.10.1 * libprotobuf25_1_0-64bit-25.1-150400.9.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * 
libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * protobuf-devel-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * protobuf-devel-debuginfo-25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Manager Proxy 4.3 (x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) 
* libprotobuf-lite25_1_0-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-protobuf-4.25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * protobuf-devel-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * protobuf-devel-debuginfo-25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * protobuf-devel-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * protobuf-devel-debuginfo-25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * protobuf-devel-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * protobuf-devel-debuginfo-25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * libprotobuf25_1_0-25.1-150400.9.10.1 * libprotoc25_1_0-debuginfo-25.1-150400.9.10.1 * libprotobuf25_1_0-debuginfo-25.1-150400.9.10.1 * libprotoc25_1_0-25.1-150400.9.10.1 * protobuf-devel-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-25.1-150400.9.10.1 * 
protobuf-devel-debuginfo-25.1-150400.9.10.1 * protobuf-debugsource-25.1-150400.9.10.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150400.9.10.1 ## References: * https://www.suse.com/security/cve/CVE-2024-7254.html * https://bugzilla.suse.com/show_bug.cgi?id=1230778
From null at suse.de Tue Oct 22 16:30:10 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 22 Oct 2024 16:30:10 -0000 Subject: SUSE-SU-2024:3745-1: important: Security update for protobuf Message-ID: <172961461050.7152.10925447372991803549@smelt2.prg2.suse.org> # Security update for protobuf Announcement ID: SUSE-SU-2024:3745-1 Release Date: 2024-10-22T13:39:53Z Rating: important References: * bsc#1230778 Cross-References: * CVE-2024-7254 CVSS scores: * CVE-2024-7254 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-7254 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * Python 3 Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability can now be installed. ## Description: This update for protobuf fixes the following issues: * CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3745=1 SUSE-2024-3745=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3745=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3745=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3745=1 * Python 3 Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3745=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * protobuf-debugsource-25.1-150600.16.7.1 * libprotobuf-lite25_1_0-25.1-150600.16.7.1 * libprotoc25_1_0-debuginfo-25.1-150600.16.7.1 * protobuf-devel-25.1-150600.16.7.1 * libprotobuf25_1_0-25.1-150600.16.7.1 * python311-protobuf-4.25.1-150600.16.7.1 * protobuf-java-25.1-150600.16.7.1 * libprotobuf-lite25_1_0-debuginfo-25.1-150600.16.7.1 * protobuf-devel-debuginfo-25.1-150600.16.7.1 * libprotoc25_1_0-25.1-150600.16.7.1 * libprotobuf25_1_0-debuginfo-25.1-150600.16.7.1 * openSUSE Leap 15.6 (x86_64) * libprotobuf-lite25_1_0-32bit-debuginfo-25.1-150600.16.7.1 * libprotobuf-lite25_1_0-32bit-25.1-150600.16.7.1 * libprotobuf25_1_0-32bit-debuginfo-25.1-150600.16.7.1 * libprotoc25_1_0-32bit-25.1-150600.16.7.1 * libprotoc25_1_0-32bit-debuginfo-25.1-150600.16.7.1 * libprotobuf25_1_0-32bit-25.1-150600.16.7.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libprotobuf-lite25_1_0-64bit-debuginfo-25.1-150600.16.7.1 * libprotobuf25_1_0-64bit-25.1-150600.16.7.1 * libprotoc25_1_0-64bit-debuginfo-25.1-150600.16.7.1 * libprotoc25_1_0-64bit-25.1-150600.16.7.1 * libprotobuf25_1_0-64bit-debuginfo-25.1-150600.16.7.1 * libprotobuf-lite25_1_0-64bit-25.1-150600.16.7.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * protobuf-debugsource-25.1-150600.16.7.1 * libprotobuf-lite25_1_0-25.1-150600.16.7.1 * libprotoc25_1_0-debuginfo-25.1-150600.16.7.1 * libprotobuf25_1_0-25.1-150600.16.7.1 * 
libprotobuf-lite25_1_0-debuginfo-25.1-150600.16.7.1 * libprotoc25_1_0-25.1-150600.16.7.1 * libprotobuf25_1_0-debuginfo-25.1-150600.16.7.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * protobuf-debugsource-25.1-150600.16.7.1 * protobuf-devel-debuginfo-25.1-150600.16.7.1 * protobuf-devel-25.1-150600.16.7.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * protobuf-debugsource-25.1-150600.16.7.1 * Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64) * python311-protobuf-4.25.1-150600.16.7.1 ## References: * https://www.suse.com/security/cve/CVE-2024-7254.html * https://bugzilla.suse.com/show_bug.cgi?id=1230778
From null at suse.de Tue Oct 22 16:30:19 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 22 Oct 2024 16:30:19 -0000 Subject: SUSE-SU-2024:3744-1: important: Security update for qemu Message-ID: <172961461907.7152.17307472428927013356@smelt2.prg2.suse.org> # Security update for qemu Announcement ID: SUSE-SU-2024:3744-1 Release Date: 2024-10-22T13:34:33Z Rating: important References: * bsc#1224132 * bsc#1229007 * bsc#1229929 * bsc#1230140 * bsc#1230834 * bsc#1230915 * bsc#1231519 Cross-References: * CVE-2024-4693 * CVE-2024-7409 * CVE-2024-8354 * CVE-2024-8612 CVSS scores: * CVE-2024-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-7409 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-7409 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-8354 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-8354 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-8354 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-8612 ( SUSE ): 2.0 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-8612 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N * CVE-2024-8612 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: * Confidential Computing Module 15-SP6 * SUSE Linux Enterprise Server 15 SP6 An update that solves four vulnerabilities and has three security fixes can now be installed. ## Description: This update for qemu fixes the following issues: Security fixes: * CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834) * CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915) Update version to 8.2.7: Security fixes: * CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007) * CVE-2024-4693: Fixed improper release of configure vector in virtio-pci that led to a guest-triggerable crash (bsc#1224132) Other fixes: * added missing fix for ppc64 emulation that caused corruption in userspace (bsc#1230140) * target/ppc: Fix lxvx/stxvx facility check (bsc#1229929) * accel/kvm: check for KVM_CAP_READONLY_MEM on VM (bsc#1231519) Full changelog here: https://lore.kernel.org/qemu-devel/d9ff276f-f1ba-4e90-8343-a7a0dc2bf305@tls.msk.ru/ ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Confidential Computing Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Confidential-Computing-15-SP6-2024-3744=1 ## Package List: * Confidential Computing Module 15-SP6 (x86_64) * qemu-hw-display-virtio-gpu-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-hw-usb-host-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-virtio-gpu-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-qxl-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ui-spice-app-8.2.7-15061.6.coco15sp6.1 * qemu-hw-usb-redirect-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-virtio-gpu-pci-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-virtio-vga-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ksm-8.2.7-15061.6.coco15sp6.1 * qemu-audio-spice-8.2.7-15061.6.coco15sp6.1 * qemu-ui-curses-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-guest-agent-8.2.7-15061.6.coco15sp6.1 * qemu-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-nfs-8.2.7-15061.6.coco15sp6.1 * qemu-8.2.7-15061.6.coco15sp6.1 * qemu-guest-agent-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ui-dbus-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-ssh-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-audio-pipewire-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-iscsi-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ui-gtk-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ui-opengl-8.2.7-15061.6.coco15sp6.1 * qemu-ui-spice-core-8.2.7-15061.6.coco15sp6.1 * qemu-audio-pa-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-img-8.2.7-15061.6.coco15sp6.1 * qemu-x86-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-curl-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-img-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-iscsi-8.2.7-15061.6.coco15sp6.1 * qemu-tools-8.2.7-15061.6.coco15sp6.1 * qemu-hw-usb-host-8.2.7-15061.6.coco15sp6.1 * qemu-pr-helper-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ui-curses-8.2.7-15061.6.coco15sp6.1 * qemu-headless-8.2.7-15061.6.coco15sp6.1 * 
qemu-ui-gtk-8.2.7-15061.6.coco15sp6.1 * qemu-audio-pa-8.2.7-15061.6.coco15sp6.1 * qemu-audio-dbus-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-hw-usb-redirect-8.2.7-15061.6.coco15sp6.1 * qemu-audio-alsa-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-lang-8.2.7-15061.6.coco15sp6.1 * qemu-ui-spice-core-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-ui-dbus-8.2.7-15061.6.coco15sp6.1 * qemu-pr-helper-8.2.7-15061.6.coco15sp6.1 * qemu-chardev-spice-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-spice-8.2.7-15061.6.coco15sp6.1 * qemu-ui-opengl-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-rbd-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-ssh-8.2.7-15061.6.coco15sp6.1 * qemu-block-curl-8.2.7-15061.6.coco15sp6.1 * qemu-accel-tcg-x86-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-virtio-vga-8.2.7-15061.6.coco15sp6.1 * qemu-ui-spice-app-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-audio-alsa-8.2.7-15061.6.coco15sp6.1 * qemu-chardev-spice-8.2.7-15061.6.coco15sp6.1 * qemu-x86-8.2.7-15061.6.coco15sp6.1 * qemu-audio-dbus-8.2.7-15061.6.coco15sp6.1 * qemu-audio-spice-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-debugsource-8.2.7-15061.6.coco15sp6.1 * qemu-hw-display-qxl-8.2.7-15061.6.coco15sp6.1 * qemu-accel-tcg-x86-8.2.7-15061.6.coco15sp6.1 * qemu-audio-pipewire-8.2.7-15061.6.coco15sp6.1 * qemu-chardev-baum-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-nfs-debuginfo-8.2.7-15061.6.coco15sp6.1 * qemu-block-rbd-8.2.7-15061.6.coco15sp6.1 * qemu-chardev-baum-8.2.7-15061.6.coco15sp6.1 * qemu-tools-debuginfo-8.2.7-15061.6.coco15sp6.1 * Confidential Computing Module 15-SP6 (noarch) * qemu-SLOF-8.2.7-15061.6.coco15sp6.1 * qemu-seabios-8.2.71.16.3_3_ga95067eb-15061.6.coco15sp6.1 * qemu-ipxe-8.2.7-15061.6.coco15sp6.1 * qemu-skiboot-8.2.7-15061.6.coco15sp6.1 * qemu-vgabios-8.2.71.16.3_3_ga95067eb-15061.6.coco15sp6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-4693.html * https://www.suse.com/security/cve/CVE-2024-7409.html * https://www.suse.com/security/cve/CVE-2024-8354.html * 
https://www.suse.com/security/cve/CVE-2024-8612.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224132
* https://bugzilla.suse.com/show_bug.cgi?id=1229007
* https://bugzilla.suse.com/show_bug.cgi?id=1229929
* https://bugzilla.suse.com/show_bug.cgi?id=1230140
* https://bugzilla.suse.com/show_bug.cgi?id=1230834
* https://bugzilla.suse.com/show_bug.cgi?id=1230915
* https://bugzilla.suse.com/show_bug.cgi?id=1231519

From null at suse.de Wed Oct 23 12:30:07 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 23 Oct 2024 12:30:07 -0000
Subject: SUSE-SU-2024:3748-1: moderate: Security update for cargo-c
Message-ID: <172968660766.7152.10158084670624819057@smelt2.prg2.suse.org>

# Security update for cargo-c

Announcement ID: SUSE-SU-2024:3748-1
Release Date: 2024-10-23T11:33:38Z
Rating: moderate
References:

* bsc#1230683

Cross-References:

* CVE-2024-45405

CVSS scores:

* CVE-2024-45405 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-45405 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for cargo-c fixes the following issues:

Security fixes:

* CVE-2024-45405: Fixed gix-path improper path resolution (bsc#1230683)

Other fixes:

* Update to version 0.10.3~git0.ee7d7ef:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3748=1 openSUSE-SLE-15.6-2024-3748=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * cargo-c-debuginfo-0.10.3~git0.ee7d7ef-150600.3.3.1
  * cargo-c-0.10.3~git0.ee7d7ef-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45405.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230683

From null at suse.de Wed Oct 23 16:30:04 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 23 Oct 2024 16:30:04 -0000
Subject: SUSE-SU-2024:3750-1: important: Security update for apache2
Message-ID: <172970100402.31428.5176001755414332952@smelt2.prg2.suse.org>

# Security update for apache2

Announcement ID: SUSE-SU-2024:3750-1
Release Date: 2024-10-23T15:33:30Z
Rating: important
References:

* bsc#1228097

Cross-References:

* CVE-2024-40725

CVSS scores:

* CVE-2024-40725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2024-3750=1 * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3750=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3750=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * apache2-tls13-worker-2.4.51-35.63.1 * apache2-prefork-debuginfo-2.4.51-35.63.1 * apache2-tls13-utils-2.4.51-35.63.1 * apache2-worker-debuginfo-2.4.51-35.63.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.63.1 * apache2-tls13-utils-debuginfo-2.4.51-35.63.1 * apache2-utils-2.4.51-35.63.1 * apache2-tls13-debuginfo-2.4.51-35.63.1 * apache2-worker-2.4.51-35.63.1 * apache2-example-pages-2.4.51-35.63.1 * apache2-debugsource-2.4.51-35.63.1 * apache2-prefork-2.4.51-35.63.1 * apache2-tls13-debugsource-2.4.51-35.63.1 * apache2-tls13-prefork-2.4.51-35.63.1 * apache2-tls13-2.4.51-35.63.1 * apache2-tls13-worker-debuginfo-2.4.51-35.63.1 * apache2-debuginfo-2.4.51-35.63.1 * apache2-2.4.51-35.63.1 * apache2-tls13-example-pages-2.4.51-35.63.1 * apache2-utils-debuginfo-2.4.51-35.63.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * apache2-doc-2.4.51-35.63.1 * apache2-tls13-doc-2.4.51-35.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64) * apache2-tls13-worker-2.4.51-35.63.1 * apache2-prefork-debuginfo-2.4.51-35.63.1 * apache2-tls13-utils-2.4.51-35.63.1 * apache2-worker-debuginfo-2.4.51-35.63.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.63.1 * apache2-tls13-utils-debuginfo-2.4.51-35.63.1 * apache2-utils-2.4.51-35.63.1 * apache2-tls13-debuginfo-2.4.51-35.63.1 * apache2-worker-2.4.51-35.63.1 * apache2-example-pages-2.4.51-35.63.1 * apache2-debugsource-2.4.51-35.63.1 * apache2-prefork-2.4.51-35.63.1 * 
apache2-tls13-debugsource-2.4.51-35.63.1 * apache2-tls13-prefork-2.4.51-35.63.1 * apache2-tls13-2.4.51-35.63.1 * apache2-tls13-worker-debuginfo-2.4.51-35.63.1 * apache2-debuginfo-2.4.51-35.63.1 * apache2-2.4.51-35.63.1 * apache2-tls13-example-pages-2.4.51-35.63.1 * apache2-utils-debuginfo-2.4.51-35.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (noarch) * apache2-doc-2.4.51-35.63.1 * apache2-tls13-doc-2.4.51-35.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64) * apache2-tls13-worker-2.4.51-35.63.1 * apache2-prefork-debuginfo-2.4.51-35.63.1 * apache2-tls13-utils-2.4.51-35.63.1 * apache2-worker-debuginfo-2.4.51-35.63.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.63.1 * apache2-tls13-utils-debuginfo-2.4.51-35.63.1 * apache2-utils-2.4.51-35.63.1 * apache2-tls13-debuginfo-2.4.51-35.63.1 * apache2-worker-2.4.51-35.63.1 * apache2-example-pages-2.4.51-35.63.1 * apache2-debugsource-2.4.51-35.63.1 * apache2-prefork-2.4.51-35.63.1 * apache2-tls13-debugsource-2.4.51-35.63.1 * apache2-tls13-prefork-2.4.51-35.63.1 * apache2-tls13-2.4.51-35.63.1 * apache2-tls13-worker-debuginfo-2.4.51-35.63.1 * apache2-debuginfo-2.4.51-35.63.1 * apache2-2.4.51-35.63.1 * apache2-tls13-example-pages-2.4.51-35.63.1 * apache2-utils-debuginfo-2.4.51-35.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (noarch) * apache2-doc-2.4.51-35.63.1 * apache2-tls13-doc-2.4.51-35.63.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40725.html * https://bugzilla.suse.com/show_bug.cgi?id=1228097 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Oct 23 16:30:06 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 23 Oct 2024 16:30:06 -0000
Subject: SUSE-SU-2024:3749-1: important: Security update for python-pyOpenSSL
Message-ID: <172970100618.31428.18047803943521873410@smelt2.prg2.suse.org>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2024:3749-1
Release Date: 2024-10-23T15:32:58Z
Rating: important
References:

* bsc#1231700

Cross-References:

* CVE-2018-1000807

CVSS scores:

* CVE-2018-1000807 ( SUSE ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-1000807 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-1000807 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* Fixed error caused by a regression in fix for CVE-2018-1000807 (bsc#1231700)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3749=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2024-3749=1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3749=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (noarch)
  * python-pyOpenSSL-17.1.0-4.29.1
  * python3-pyOpenSSL-17.1.0-4.29.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * python-pyOpenSSL-17.1.0-4.29.1
  * python3-pyOpenSSL-17.1.0-4.29.1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (noarch)
  * python-pyOpenSSL-17.1.0-4.29.1
  * python3-pyOpenSSL-17.1.0-4.29.1

## References:

* https://www.suse.com/security/cve/CVE-2018-1000807.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231700
From null at suse.de Thu Oct 24 08:30:15 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 24 Oct 2024 08:30:15 -0000
Subject: SUSE-SU-2024:3755-1: important: Security update for go1.21-openssl
Message-ID: <172975861559.8128.17747300171024377398@smelt2.prg2.suse.org>

# Security update for go1.21-openssl

Announcement ID: SUSE-SU-2024:3755-1
Release Date: 2024-10-24T07:54:09Z
Rating: important
References:

* bsc#1212475
* bsc#1219988
* bsc#1220999
* bsc#1221000
* bsc#1221001
* bsc#1221002
* bsc#1221003
* bsc#1221400
* bsc#1224017
* bsc#1225973
* bsc#1225974
* bsc#1227314
* jsc#PED-1962
* jsc#SLE-18320

Cross-References:

* CVE-2023-45288
* CVE-2023-45289
* CVE-2023-45290
* CVE-2024-24783
* CVE-2024-24784
* CVE-2024-24785
* CVE-2024-24787
* CVE-2024-24789
* CVE-2024-24790
* CVE-2024-24791

CVSS scores:

* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24787 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24789 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24789 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24790 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-24790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24791 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that
solves 10 vulnerabilities, contains two features and has two security fixes can now be installed.

## Description:

This update for go1.21-openssl fixes the following issues:

* CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
* CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
* CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
* CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
* CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
* CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
* CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
* CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
* CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
* CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)

Other fixes:

* Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
* Update to version 1.21.13 (bsc#1212475)
* Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
* Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3755=1 SUSE-2024-3755=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3755=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * go1.21-openssl-1.21.13.1-150600.16.3.1
  * go1.21-openssl-doc-1.21.13.1-150600.16.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.21-openssl-race-1.21.13.1-150600.16.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.21-openssl-1.21.13.1-150600.16.3.1
  * go1.21-openssl-race-1.21.13.1-150600.16.3.1
  * go1.21-openssl-doc-1.21.13.1-150600.16.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2023-45289.html
* https://www.suse.com/security/cve/CVE-2023-45290.html
* https://www.suse.com/security/cve/CVE-2024-24783.html
* https://www.suse.com/security/cve/CVE-2024-24784.html
* https://www.suse.com/security/cve/CVE-2024-24785.html
* https://www.suse.com/security/cve/CVE-2024-24787.html
* https://www.suse.com/security/cve/CVE-2024-24789.html
* https://www.suse.com/security/cve/CVE-2024-24790.html
* https://www.suse.com/security/cve/CVE-2024-24791.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1219988
* https://bugzilla.suse.com/show_bug.cgi?id=1220999
* https://bugzilla.suse.com/show_bug.cgi?id=1221000
* https://bugzilla.suse.com/show_bug.cgi?id=1221001
* https://bugzilla.suse.com/show_bug.cgi?id=1221002
* https://bugzilla.suse.com/show_bug.cgi?id=1221003
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1224017
* https://bugzilla.suse.com/show_bug.cgi?id=1225973
* https://bugzilla.suse.com/show_bug.cgi?id=1225974
* https://bugzilla.suse.com/show_bug.cgi?id=1227314
* https://jira.suse.com/browse/PED-1962
* https://jira.suse.com/browse/SLE-18320
From null at suse.de Thu Oct 24 08:30:17 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 24 Oct 2024 08:30:17 -0000
Subject: SUSE-SU-2024:3754-1: moderate: Security update for buildah
Message-ID: <172975861792.8128.13388846591417450271@smelt2.prg2.suse.org>

# Security update for buildah

Announcement ID: SUSE-SU-2024:3754-1
Release Date: 2024-10-24T03:34:40Z
Rating: moderate
References:

* bsc#1231698

Cross-References:

* CVE-2024-9676

CVSS scores:

* CVE-2024-9676 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9676 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-9676 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3754=1 openSUSE-SLE-15.5-2024-3754=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3754=1
* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3754=1
* Containers Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3754=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.4-150500.3.19.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.19.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.19.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.4-150500.3.19.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9676.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231698

From null at suse.de Thu Oct 24 08:30:22 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 24 Oct 2024 08:30:22 -0000
Subject: SUSE-SU-2024:3753-1: moderate: Security update for podman
Message-ID: <172975862238.8128.9165345559190669399@smelt2.prg2.suse.org>

# Security update for podman

Announcement ID: SUSE-SU-2024:3753-1
Release Date: 2024-10-24T03:34:23Z
Rating: moderate
References:

* bsc#1231698

Cross-References:

* CVE-2024-9676

CVSS scores:

* CVE-2024-9676 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9676 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-9676 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE
Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3753=1 openSUSE-SLE-15.5-2024-3753=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3753=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3753=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-3753=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3753=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3753=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * podman-debuginfo-4.9.5-150500.3.28.1 * podman-4.9.5-150500.3.28.1 * podman-remote-4.9.5-150500.3.28.1 * podmansh-4.9.5-150500.3.28.1 * podman-remote-debuginfo-4.9.5-150500.3.28.1 * openSUSE Leap 15.5 (noarch) * podman-docker-4.9.5-150500.3.28.1 * openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64) * podman-debuginfo-4.9.5-150500.3.28.1 * podman-4.9.5-150500.3.28.1 * podman-remote-4.9.5-150500.3.28.1 * podmansh-4.9.5-150500.3.28.1 * podman-remote-debuginfo-4.9.5-150500.3.28.1 * openSUSE Leap Micro 5.5 (noarch) * podman-docker-4.9.5-150500.3.28.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * podman-debuginfo-4.9.5-150500.3.28.1 * podman-4.9.5-150500.3.28.1 * podman-remote-4.9.5-150500.3.28.1 * podmansh-4.9.5-150500.3.28.1 * 
podman-remote-debuginfo-4.9.5-150500.3.28.1 * openSUSE Leap 15.6 (noarch) * podman-docker-4.9.5-150500.3.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * podman-debuginfo-4.9.5-150500.3.28.1 * podman-4.9.5-150500.3.28.1 * podman-remote-4.9.5-150500.3.28.1 * podmansh-4.9.5-150500.3.28.1 * podman-remote-debuginfo-4.9.5-150500.3.28.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * podman-docker-4.9.5-150500.3.28.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * podman-debuginfo-4.9.5-150500.3.28.1 * podman-4.9.5-150500.3.28.1 * podman-remote-4.9.5-150500.3.28.1 * podmansh-4.9.5-150500.3.28.1 * podman-remote-debuginfo-4.9.5-150500.3.28.1 * Containers Module 15-SP5 (noarch) * podman-docker-4.9.5-150500.3.28.1 * Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64) * podman-debuginfo-4.9.5-150500.3.28.1 * podman-4.9.5-150500.3.28.1 * podman-remote-4.9.5-150500.3.28.1 * podmansh-4.9.5-150500.3.28.1 * podman-remote-debuginfo-4.9.5-150500.3.28.1 * Containers Module 15-SP6 (noarch) * podman-docker-4.9.5-150500.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2024-9676.html * https://bugzilla.suse.com/show_bug.cgi?id=1231698 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Oct 24 08:30:25 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 24 Oct 2024 08:30:25 -0000 Subject: SUSE-SU-2024:3752-1: important: Security update for webkit2gtk3 Message-ID: <172975862532.8128.6247760451190585587@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2024:3752-1 Release Date: 2024-10-24T03:33:57Z Rating: important References: * bsc#1231039 Cross-References: * CVE-2024-23206 * CVE-2024-23213 * CVE-2024-23222 * CVE-2024-23271 * CVE-2024-27808 * CVE-2024-27820 * CVE-2024-27833 * CVE-2024-27834 * CVE-2024-27838 * CVE-2024-27851 * CVE-2024-40866 * CVE-2024-44187 * CVE-2024-4558 CVSS scores: * CVE-2024-23206 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-23206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-23213 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23213 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23222 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23222 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-23271 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2024-27808 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27808 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27820 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27820 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27833 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27833 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27834 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27838 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-27838 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-27851 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-27851 ( NVD ): 8.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-40866 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-40866 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-44187 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-44187 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP6 * Desktop Applications Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.46.0 (bsc#1231039). * CVE-2024-40866 * CVE-2024-44187 Already fixed in version 2.44.3: * CVE-2024-27838 * CVE-2024-27851 Already fixed in version 2.44.2: * CVE-2024-27834 * CVE-2024-27808 * CVE-2024-27820 * CVE-2024-27833 Already fixed in version 2.44.1: * CVE-2024-23222 * CVE-2024-23206 * CVE-2024-23213 * CVE-2024-23271 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3752=1 openSUSE-SLE-15.6-2024-3752=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3752=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3752=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3752=1 ## Package List: * openSUSE Leap 15.6 (noarch) * WebKitGTK-6.0-lang-2.46.0-150600.12.12.1 * WebKitGTK-4.1-lang-2.46.0-150600.12.12.1 * WebKitGTK-4.0-lang-2.46.0-150600.12.12.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * webkit-jsc-6.0-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-2.46.0-150600.12.12.1 * webkit2gtk3-soup2-devel-2.46.0-150600.12.12.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk4-minibrowser-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2WebExtension-4_1-2.46.0-150600.12.12.1 * webkit2gtk4-debugsource-2.46.0-150600.12.12.1 * webkit-jsc-4-2.46.0-150600.12.12.1 * libwebkitgtk-6_0-4-debuginfo-2.46.0-150600.12.12.1 * webkit-jsc-6.0-2.46.0-150600.12.12.1 * webkit2gtk-4_0-injected-bundles-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-2.46.0-150600.12.12.1 * webkit2gtk4-minibrowser-debuginfo-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-2.46.0-150600.12.12.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-6_0-1-2.46.0-150600.12.12.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.46.0-150600.12.12.1 * typelib-1_0-JavaScriptCore-6_0-2.46.0-150600.12.12.1 * webkitgtk-6_0-injected-bundles-2.46.0-150600.12.12.1 * typelib-1_0-JavaScriptCore-4_0-2.46.0-150600.12.12.1 * webkit2gtk3-debugsource-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-debuginfo-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2WebExtension-4_0-2.46.0-150600.12.12.1 * 
libwebkit2gtk-4_0-37-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2-4_1-2.46.0-150600.12.12.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.0-150600.12.12.1 * webkit-jsc-4-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk3-soup2-minibrowser-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2-4_0-2.46.0-150600.12.12.1 * libwebkit2gtk-4_0-37-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk-4_1-injected-bundles-2.46.0-150600.12.12.1 * webkit2gtk3-devel-2.46.0-150600.12.12.1 * webkit2gtk4-devel-2.46.0-150600.12.12.1 * typelib-1_0-JavaScriptCore-4_1-2.46.0-150600.12.12.1 * webkit2gtk3-minibrowser-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk3-minibrowser-2.46.0-150600.12.12.1 * webkit-jsc-4.1-2.46.0-150600.12.12.1 * webkit2gtk3-soup2-debugsource-2.46.0-150600.12.12.1 * libwebkitgtk-6_0-4-2.46.0-150600.12.12.1 * typelib-1_0-WebKit-6_0-2.46.0-150600.12.12.1 * webkit-jsc-4.1-debuginfo-2.46.0-150600.12.12.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.46.0-150600.12.12.1 * openSUSE Leap 15.6 (x86_64) * libwebkit2gtk-4_1-0-32bit-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-32bit-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.46.0-150600.12.12.1 * libwebkit2gtk-4_0-37-32bit-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-32bit-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.46.0-150600.12.12.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.46.0-150600.12.12.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libjavascriptcoregtk-4_0-18-64bit-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-64bit-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-64bit-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.46.0-150600.12.12.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.46.0-150600.12.12.1 * 
libwebkit2gtk-4_0-37-64bit-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.46.0-150600.12.12.1 * Basesystem Module 15-SP6 (noarch) * WebKitGTK-6.0-lang-2.46.0-150600.12.12.1 * WebKitGTK-4.0-lang-2.46.0-150600.12.12.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2-4_0-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2WebExtension-4_0-2.46.0-150600.12.12.1 * webkit2gtk3-soup2-devel-2.46.0-150600.12.12.1 * libwebkit2gtk-4_0-37-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.46.0-150600.12.12.1 * libwebkitgtk-6_0-4-2.46.0-150600.12.12.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.0-150600.12.12.1 * libjavascriptcoregtk-6_0-1-2.46.0-150600.12.12.1 * webkit2gtk3-soup2-debugsource-2.46.0-150600.12.12.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.46.0-150600.12.12.1 * libwebkitgtk-6_0-4-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk4-debugsource-2.46.0-150600.12.12.1 * libwebkit2gtk-4_0-37-debuginfo-2.46.0-150600.12.12.1 * webkitgtk-6_0-injected-bundles-2.46.0-150600.12.12.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.46.0-150600.12.12.1 * typelib-1_0-JavaScriptCore-4_0-2.46.0-150600.12.12.1 * Desktop Applications Module 15-SP6 (noarch) * WebKitGTK-4.1-lang-2.46.0-150600.12.12.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-2.46.0-150600.12.12.1 * webkit2gtk3-debugsource-2.46.0-150600.12.12.1 * libwebkit2gtk-4_1-0-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2WebExtension-4_1-2.46.0-150600.12.12.1 * typelib-1_0-WebKit2-4_1-2.46.0-150600.12.12.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.46.0-150600.12.12.1 * webkit2gtk-4_1-injected-bundles-2.46.0-150600.12.12.1 * 
typelib-1_0-JavaScriptCore-4_1-2.46.0-150600.12.12.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk4-devel-2.46.0-150600.12.12.1 * webkit2gtk4-debugsource-2.46.0-150600.12.12.1 * typelib-1_0-JavaScriptCore-6_0-2.46.0-150600.12.12.1 * typelib-1_0-WebKit-6_0-2.46.0-150600.12.12.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.46.0-150600.12.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-23206.html * https://www.suse.com/security/cve/CVE-2024-23213.html * https://www.suse.com/security/cve/CVE-2024-23222.html * https://www.suse.com/security/cve/CVE-2024-23271.html * https://www.suse.com/security/cve/CVE-2024-27808.html * https://www.suse.com/security/cve/CVE-2024-27820.html * https://www.suse.com/security/cve/CVE-2024-27833.html * https://www.suse.com/security/cve/CVE-2024-27834.html * https://www.suse.com/security/cve/CVE-2024-27838.html * https://www.suse.com/security/cve/CVE-2024-27851.html * https://www.suse.com/security/cve/CVE-2024-40866.html * https://www.suse.com/security/cve/CVE-2024-44187.html * https://www.suse.com/security/cve/CVE-2024-4558.html * https://bugzilla.suse.com/show_bug.cgi?id=1231039 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Thu Oct 24 08:30:28 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 24 Oct 2024 08:30:28 -0000
Subject: SUSE-SU-2024:3751-1: important: Security update for webkit2gtk3
Message-ID: <172975862831.8128.8618313401781550992@smelt2.prg2.suse.org>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2024:3751-1
Release Date: 2024-10-24T01:33:39Z
Rating: important

References:

* bsc#1231039

Cross-References:

* CVE-2024-23213
* CVE-2024-23271
* CVE-2024-27808
* CVE-2024-27820
* CVE-2024-27833
* CVE-2024-27834
* CVE-2024-27838
* CVE-2024-27851
* CVE-2024-40866
* CVE-2024-44187
* CVE-2024-4558

CVSS scores:

* CVE-2024-23213 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23213 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23271 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-27808 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27808 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27820 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27820 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27833 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27833 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27834 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27838 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-27838 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-27851 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27851 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40866 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-40866 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-44187 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-44187 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.46.0 (bsc#1231039).

* CVE-2024-40866
* CVE-2024-44187

Already fixed in version 2.44.3:

* CVE-2024-4558
* CVE-2024-27838
* CVE-2024-27851

Already fixed in version 2.44.2:

* CVE-2024-27834
* CVE-2024-27808
* CVE-2024-27820
* CVE-2024-27833

Already fixed in version 2.44.1:

* CVE-2024-23222
* CVE-2024-23206
* CVE-2024-23213
* CVE-2024-23271

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3751=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3751=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
  * libwebkit2gtk-4_0-37-2.46.0-4.15.1
  * typelib-1_0-JavaScriptCore-4_0-2.46.0-4.15.1
  * webkit2gtk3-debugsource-2.46.0-4.15.1
  * libjavascriptcoregtk-4_0-18-2.46.0-4.15.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.46.0-4.15.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.46.0-4.15.1
  * typelib-1_0-WebKit2-4_0-2.46.0-4.15.1
  * webkit2gtk-4_0-injected-bundles-2.46.0-4.15.1
  * libwebkit2gtk-4_0-37-debuginfo-2.46.0-4.15.1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (noarch)
  * libwebkit2gtk3-lang-2.46.0-4.15.1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (ppc64le s390x x86_64)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.0-4.15.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
  * libwebkit2gtk-4_0-37-2.46.0-4.15.1
  * typelib-1_0-JavaScriptCore-4_0-2.46.0-4.15.1
  * webkit2gtk3-debugsource-2.46.0-4.15.1
  * libjavascriptcoregtk-4_0-18-2.46.0-4.15.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.46.0-4.15.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.0-4.15.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.46.0-4.15.1
  * typelib-1_0-WebKit2-4_0-2.46.0-4.15.1
  * webkit2gtk-4_0-injected-bundles-2.46.0-4.15.1
  * libwebkit2gtk-4_0-37-debuginfo-2.46.0-4.15.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (noarch)
  * libwebkit2gtk3-lang-2.46.0-4.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-23213.html
* https://www.suse.com/security/cve/CVE-2024-23271.html
* https://www.suse.com/security/cve/CVE-2024-27808.html
* https://www.suse.com/security/cve/CVE-2024-27820.html
* https://www.suse.com/security/cve/CVE-2024-27833.html
* https://www.suse.com/security/cve/CVE-2024-27834.html
* https://www.suse.com/security/cve/CVE-2024-27838.html
* https://www.suse.com/security/cve/CVE-2024-27851.html
* https://www.suse.com/security/cve/CVE-2024-40866.html
* https://www.suse.com/security/cve/CVE-2024-44187.html
* https://www.suse.com/security/cve/CVE-2024-4558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231039

From null at suse.de Thu Oct 24 12:30:07 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 24 Oct 2024 12:30:07 -0000
Subject: SUSE-SU-2024:3159-2: important: Security update for postgresql16
Message-ID: <172977300703.6932.6021780236994551738@smelt2.prg2.suse.org>

# Security update for postgresql16

Announcement ID: SUSE-SU-2024:3159-2
Release Date: 2024-10-24T08:44:34Z
Rating: important

References:

* bsc#1224038
* bsc#1224051
* bsc#1229013

Cross-References:

* CVE-2024-4317
* CVE-2024-7348

CVSS scores:

* CVE-2024-4317 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-7348 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7348 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7348 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for postgresql16 fixes the following issues:

* Upgrade to 16.4 (bsc#1229013)
* CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
* CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3159=1

## Package List:

* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql16-llvmjit-debuginfo-16.4-150600.16.5.1
  * postgresql16-debugsource-16.4-150600.16.5.1
  * postgresql16-test-16.4-150600.16.5.1
  * postgresql16-debuginfo-16.4-150600.16.5.1
  * postgresql16-llvmjit-16.4-150600.16.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-4317.html
* https://www.suse.com/security/cve/CVE-2024-7348.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224038
* https://bugzilla.suse.com/show_bug.cgi?id=1224051
* https://bugzilla.suse.com/show_bug.cgi?id=1229013

From null at suse.de Thu Oct 24 12:30:09 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 24 Oct 2024 12:30:09 -0000
Subject: SUSE-SU-2024:3756-1: moderate: Security update for cups-filters
Message-ID: <172977300922.6932.16717942555162932760@smelt2.prg2.suse.org>

# Security update for cups-filters

Announcement ID: SUSE-SU-2024:3756-1
Release Date: 2024-10-24T08:29:08Z
Rating: moderate

References:

* bsc#1231294

Cross-References:

* CVE-2024-47850

CVSS scores:

* CVE-2024-47850 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
* CVE-2024-47850 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-47850 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for cups-filters fixes the following issues:

* CVE-2024-47850: Fixed cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3756=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3756=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
  * cups-filters-cups-browsed-1.0.58-19.32.1
  * cups-filters-debuginfo-1.0.58-19.32.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.32.1
  * cups-filters-1.0.58-19.32.1
  * cups-filters-foomatic-rip-1.0.58-19.32.1
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.32.1
  * cups-filters-debugsource-1.0.58-19.32.1
  * cups-filters-ghostscript-1.0.58-19.32.1
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
  * cups-filters-cups-browsed-1.0.58-19.32.1
  * cups-filters-debuginfo-1.0.58-19.32.1
  * cups-filters-ghostscript-debuginfo-1.0.58-19.32.1
  * cups-filters-1.0.58-19.32.1
  * cups-filters-foomatic-rip-1.0.58-19.32.1
  * cups-filters-foomatic-rip-debuginfo-1.0.58-19.32.1
  * cups-filters-debugsource-1.0.58-19.32.1
  * cups-filters-ghostscript-1.0.58-19.32.1
  * cups-filters-cups-browsed-debuginfo-1.0.58-19.32.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47850.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231294

From null at suse.de Fri Oct 25 12:30:07 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 25 Oct 2024 12:30:07 -0000
Subject: SUSE-SU-2024:3757-1: moderate: Security update for openssl-1_1
Message-ID: <172985940700.21715.5331067981348576095@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2024:3757-1
Release Date: 2024-10-25T10:30:33Z
Rating: moderate

References:

* bsc#1220262

Cross-References:

* CVE-2023-50782

CVSS scores:

* CVE-2023-50782 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3757=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3757=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-1.1.1d-2.113.1
  * libopenssl1_1-1.1.1d-2.113.1
  * libopenssl1_1-hmac-1.1.1d-2.113.1
  * openssl-1_1-debuginfo-1.1.1d-2.113.1
  * openssl-1_1-debugsource-1.1.1d-2.113.1
  * libopenssl1_1-debuginfo-1.1.1d-2.113.1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (s390x x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.113.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.113.1
  * libopenssl1_1-32bit-1.1.1d-2.113.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1d-2.113.1
  * libopenssl1_1-1.1.1d-2.113.1
  * libopenssl1_1-32bit-1.1.1d-2.113.1
  * openssl-1_1-1.1.1d-2.113.1
  * libopenssl1_1-hmac-1.1.1d-2.113.1
  * openssl-1_1-debuginfo-1.1.1d-2.113.1
  * openssl-1_1-debugsource-1.1.1d-2.113.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.113.1
  * libopenssl1_1-debuginfo-1.1.1d-2.113.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50782.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220262

From null at suse.de Mon Oct 28 08:30:09 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 28 Oct 2024 08:30:09 -0000
Subject: SUSE-SU-2024:3760-1: moderate: Security update for python3
Message-ID: <173010420913.6932.15606865478831157852@smelt2.prg2.suse.org>

# Security update for python3

Announcement ID: SUSE-SU-2024:3760-1
Release Date: 2024-10-28T03:33:34Z
Rating: moderate

References:

* bsc#1230906
* bsc#1232241

Cross-References:

* CVE-2024-9287

CVSS scores:

* CVE-2024-9287 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
* CVE-2024-9287 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9287 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green

Affected Products:

* SUSE Linux Enterprise Micro 5.1

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for python3 fixes the following issues:

Security fixes:

* CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)

Other fixes:

* Drop .pyc files from docdir for reproducible builds (bsc#1230906)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3760=1

## Package List:

* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * python3-debuginfo-3.6.15-150000.3.164.1
  * libpython3_6m1_0-3.6.15-150000.3.164.1
  * python3-base-debuginfo-3.6.15-150000.3.164.1
  * python3-3.6.15-150000.3.164.1
  * python3-debugsource-3.6.15-150000.3.164.1
  * python3-core-debugsource-3.6.15-150000.3.164.1
  * python3-base-3.6.15-150000.3.164.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.164.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9287.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230906
* https://bugzilla.suse.com/show_bug.cgi?id=1232241

From null at suse.de Tue Oct 29 08:30:08 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 08:30:08 -0000
Subject: SUSE-SU-2024:3768-1: important: Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP2)
Message-ID: <173019060814.7152.18113646971700366349@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3768-1
Release Date: 2024-10-29T06:03:43Z
Rating: important

References:

* bsc#1227471
* bsc#1227472
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47598
* CVE-2021-47600
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_197 fixes several issues.

The following security issues were fixed:

* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3768=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_197-default-debuginfo-3-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_197-default-3-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_50-debugsource-3-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227472
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Tue Oct 29 08:30:14 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 08:30:14 -0000
Subject: SUSE-SU-2024:3767-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP2)
Message-ID: <173019061432.7152.12529667414729545353@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3767-1
Release Date: 2024-10-29T04:33:35Z
Rating: important

References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471
* bsc#1227472

Cross-References:

* CVE-2021-47598
* CVE-2021-47600
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_175 fixes several issues.

The following security issues were fixed:

* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3767=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_175-default-debuginfo-14-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_175-default-14-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_44-debugsource-14-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227472

From null at suse.de Tue Oct 29 08:30:16 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 08:30:16 -0000
Subject: SUSE-SU-2024:3764-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
Message-ID: <173019061681.7152.5076214004638158584@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:3764-1
Release Date: 2024-10-28T20:49:11Z
Rating: important

References:

* bsc#1225819

Cross-References:

* CVE-2023-52752

CVSS scores:

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_10_11 fixes one issue.

The following security issue was fixed:

* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3764=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_11-rt-2-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-2-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225819

From null at suse.de Tue Oct 29 08:30:21 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 08:30:21 -0000
Subject: SUSE-SU-2024:3766-1: important: Security update for openssl-3
Message-ID: <173019062180.7152.12991699531452612538@smelt2.prg2.suse.org>

# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3766-1
Release Date: 2024-10-29T01:34:36Z
Rating: important

References:

* bsc#1220262
* bsc#1230698

Cross-References:

* CVE-2023-50782
* CVE-2024-41996

CVSS scores:

* CVE-2023-50782 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-41996 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
* CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3766=1 openSUSE-SLE-15.5-2024-3766=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3766=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl-3-devel-3.0.8-150500.5.48.1
  * openssl-3-debugsource-3.0.8-150500.5.48.1
  * libopenssl3-debuginfo-3.0.8-150500.5.48.1
  * openssl-3-3.0.8-150500.5.48.1
  * libopenssl3-3.0.8-150500.5.48.1
  * openssl-3-debuginfo-3.0.8-150500.5.48.1
* openSUSE Leap 15.5 (x86_64)
  * libopenssl-3-devel-32bit-3.0.8-150500.5.48.1
  * libopenssl3-32bit-debuginfo-3.0.8-150500.5.48.1
  * libopenssl3-32bit-3.0.8-150500.5.48.1
* openSUSE Leap 15.5 (noarch)
  * openssl-3-doc-3.0.8-150500.5.48.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libopenssl-3-devel-64bit-3.0.8-150500.5.48.1
  * libopenssl3-64bit-3.0.8-150500.5.48.1
  * libopenssl3-64bit-debuginfo-3.0.8-150500.5.48.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libopenssl-3-devel-3.0.8-150500.5.48.1
  * openssl-3-debugsource-3.0.8-150500.5.48.1
  * libopenssl3-debuginfo-3.0.8-150500.5.48.1
  * openssl-3-3.0.8-150500.5.48.1
  * libopenssl3-3.0.8-150500.5.48.1
  * openssl-3-debuginfo-3.0.8-150500.5.48.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50782.html
* https://www.suse.com/security/cve/CVE-2024-41996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220262
* https://bugzilla.suse.com/show_bug.cgi?id=1230698

From null at suse.de Tue Oct 29 08:30:26 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 08:30:26 -0000
Subject: SUSE-SU-2024:3765-1: moderate: Security update for openssl-1_1
Message-ID: <173019062613.7152.9268544686442376203@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2024:3765-1
Release Date: 2024-10-29T01:34:21Z
Rating: moderate

References:

* bsc#1220262

Cross-References:

* CVE-2023-50782

CVSS scores:

* CVE-2023-50782 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3765=1 openSUSE-SLE-15.5-2024-3765=1
* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3765=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-3765=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3765=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.37.1
  * openssl-1_1-1.1.1l-150500.17.37.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.37.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.37.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.37.1
  * libopenssl1_1-1.1.1l-150500.17.37.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.37.1
* openSUSE Leap 15.5 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.37.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1
  * libopenssl1_1-32bit-1.1.1l-150500.17.37.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1
* openSUSE Leap 15.5 (noarch)
  * openssl-1_1-doc-1.1.1l-150500.17.37.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.37.1
  * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.37.1
  * libopenssl1_1-64bit-1.1.1l-150500.17.37.1
  * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.37.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.37.1
  * openssl-1_1-1.1.1l-150500.17.37.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.37.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.37.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.37.1
  * libopenssl1_1-1.1.1l-150500.17.37.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.37.1
  * openssl-1_1-1.1.1l-150500.17.37.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.37.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.37.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.37.1
  * libopenssl1_1-1.1.1l-150500.17.37.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.37.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.37.1
  * openssl-1_1-1.1.1l-150500.17.37.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.37.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.37.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.37.1
  * libopenssl1_1-1.1.1l-150500.17.37.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.37.1
* Basesystem Module 15-SP5 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.37.1
  * libopenssl1_1-32bit-1.1.1l-150500.17.37.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50782.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220262

From null at suse.de Tue Oct 29 16:30:14 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 16:30:14 -0000
Subject: SUSE-SU-2024:3774-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Message-ID: <173021941442.7152.11667717221826899576@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3774-1
Release Date: 2024-10-29T15:04:01Z
Rating: important

References:

* bsc#1223683
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3774=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3774=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_45-debugsource-4-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-4-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_164-default-4-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-preempt-4-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-4-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-default-4-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Tue Oct 29 16:30:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 16:30:20 -0000
Subject: SUSE-SU-2024:3773-1: important: Security update for go1.23-openssl
Message-ID: <173021942000.7152.12256044206831819764@smelt2.prg2.suse.org>

# Security update for go1.23-openssl

Announcement ID: SUSE-SU-2024:3773-1
Release Date: 2024-10-29T13:54:32Z
Rating: important
References:

* bsc#1229122
* bsc#1230252
* bsc#1230253
* bsc#1230254
* jsc#SLE-18320

Cross-References:

* CVE-2024-34155
* CVE-2024-34156
* CVE-2024-34158

CVSS scores:

* CVE-2024-34155 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for go1.23-openssl fixes the following issues:

This update ships go1.23-openssl version 1.23.2.2. (jsc#SLE-18320)

* go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo, the runtime, and the maps, os, os/exec, time, and unique packages.
  * go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess
  * go#69156 maps: segmentation violation in maps.Clone
  * go#69219 cmd/cgo: alignment issue with int128 inside of a struct
  * go#69240 unique: fatal error: found pointer to free object
  * go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel
  * go#69383 unique: large string still referenced, after interning only a small substring
  * go#69402 os/exec: resource leak on exec failure
  * go#69511 cmd/compile: mysterious crashes and non-determinism with range over func
* Update to version 1.23.1.1 cut from the go1.23-fips-release branch at the revision tagged go1.23.1-1-openssl-fips.
* Update to Go 1.23.1 (#238)
* go1.23.1 (released 2024-09-05) includes security fixes to the encoding/gob, go/build/constraint, and go/parser packages, as well as bug fixes to the compiler, the go command, the runtime, and the database/sql, go/types, os, runtime/trace, and unique packages. CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
  * go#69143 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions
  * go#69145 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode
  * go#69149 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse
  * go#68812 os: TestChtimes failures
  * go#68894 go/types: 'under' panics on Alias type
  * go#68905 cmd/compile: error in Go 1.23.0 with generics, type aliases and indexing
  * go#68907 os: CopyFS overwrites existing file in destination.
  * go#68973 cmd/cgo: aix c-archive corrupting stack
  * go#68992 unique: panic when calling unique.Make with string casted as any
  * go#68994 cmd/go: any invocation creates read-only telemetry configuration file under GOMODCACHE
  * go#68995 cmd/go: multi-arch build via qemu fails to exec go binary
  * go#69041 database/sql: panic in database/sql.(*connRequestSet).deleteIndex
  * go#69087 runtime/trace: crash during traceAdvance when collecting call stack for cgo-calling goroutine
  * go#69094 cmd/go: breaking change in 1.23rc2 with version constraints in GOPATH mode
* go1.23 (released 2024-08-13) is a major release of Go. go1.23.x minor releases will be provided through August 2025. https://github.com/golang/go/wiki/Go-Release-Cycle go1.23 arrives six months after go1.22. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
* Language change: Go 1.23 makes the (Go 1.22) "range-over-func" experiment a part of the language. The "range" clause in a "for-range" loop now accepts iterator functions of the following types:
      func(func() bool)
      func(func(K) bool)
      func(func(K, V) bool)
  as range expressions. Calls of the iterator argument function produce the iteration values for the "for-range" loop. For details see the iter package documentation and the language spec. For motivation see the 2022 "range-over-func" discussion.
* Language change: Go 1.23 includes preview support for generic type aliases. Building the toolchain with GOEXPERIMENT=aliastypeparams enables this feature within a package. (Using generic alias types across package boundaries is not yet supported.)
* Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can collect usage and breakage statistics that help the Go team understand how the Go toolchain is used and how well it is working. We refer to these statistics as Go telemetry.
  Go telemetry is an opt-in system, controlled by the go telemetry command. By default, the toolchain programs collect statistics in counter files that can be inspected locally but are otherwise unused (go telemetry local). To help us keep Go working well and understand Go usage, please consider opting in to Go telemetry by running go telemetry on. In that mode, anonymous counter reports are uploaded to telemetry.go.dev weekly, where they are aggregated into graphs and also made available for download by any Go contributors or users wanting to analyze the data. See "Go Telemetry" for more details about the Go Telemetry system.
* go command: Setting the GOROOT_FINAL environment variable no longer has an effect (#62047). Distributions that install the go command to a location other than $GOROOT/bin/go should install a symlink instead of relocating or copying the go binary.
* go command: The new go env -changed flag causes the command to print only those settings whose effective value differs from the default value that would be obtained in an empty environment with no prior uses of the -w flag.
* go command: The new go mod tidy -diff flag causes the command not to modify the files but instead print the necessary changes as a unified diff. It exits with a non-zero code if updates are needed.
* go command: The go list -m -json command now includes new Sum and GoModSum fields. This is similar to the existing behavior of the go mod download -json command.
* go command: The new godebug directive in go.mod and go.work declares a GODEBUG setting to apply for the work module or workspace in use.
* go vet: The go vet subcommand now includes the stdversion analyzer, which flags references to symbols that are too new for the version of Go in effect in the referring file. (The effective version is determined by the go directive in the file's enclosing go.mod file, and by any //go:build constraints in the file.)
  For example, it will report a diagnostic for a reference to the reflect.TypeFor function (introduced in go1.22) from a file in a module whose go.mod file specifies go 1.21.
* cgo: cmd/cgo supports the new -ldflags flag for passing flags to the C linker. The go command uses it automatically, avoiding "argument list too long" errors with a very large CGO_LDFLAGS.
* go trace: The trace tool now better tolerates partially broken traces by attempting to recover what trace data it can. This functionality is particularly helpful when viewing a trace that was collected during a program crash, since the trace data leading up to the crash will now be recoverable under most circumstances.
* Runtime: The traceback printed by the runtime after an unhandled panic or other fatal error now indents the second and subsequent lines of the error message (for example, the argument to panic) by a single tab, so that it can be unambiguously distinguished from the stack trace of the first goroutine. See go#64590 for discussion.
* Compiler: The build time overhead to building with Profile Guided Optimization has been reduced significantly. Previously, large builds could see 100%+ build time increase from enabling PGO. In Go 1.23, overhead should be in the single digit percentages.
* Compiler: The compiler in Go 1.23 can now overlap the stack frame slots of local variables accessed in disjoint regions of a function, which reduces stack usage for Go applications.
* Compiler: For 386 and amd64, the compiler will use information from PGO to align certain hot blocks in loops. This improves performance an additional 1-1.5% at a cost of an additional 0.1% text and binary size. This is currently only implemented on 386 and amd64 because it has not shown an improvement on other platforms. Hot block alignment can be disabled with -gcflags=[=]-d=alignhot=0.
* Linker: The linker now disallows using a //go:linkname directive to refer to internal symbols in the standard library (including the runtime) that are not marked with //go:linkname on their definitions. Similarly, the linker disallows references to such symbols from assembly code. For backward compatibility, existing usages of //go:linkname found in a large open-source code corpus remain supported. Any new references to standard library internal symbols will be disallowed.
* Linker: A linker command line flag -checklinkname=0 can be used to disable this check, for debugging and experimenting purposes.
* Linker: When building a dynamically linked ELF binary (including PIE binary), the new -bindnow flag enables immediate function binding.
* Standard library changes:
* timer: 1.23 makes two significant changes to the implementation of time.Timer and time.Ticker. First, Timers and Tickers that are no longer referred to by the program become eligible for garbage collection immediately, even if their Stop methods have not been called. Earlier versions of Go did not collect unstopped Timers until after they had fired and never collected unstopped Tickers. Second, the timer channel associated with a Timer or Ticker is now unbuffered, with capacity 0. The main effect of this change is that Go now guarantees that for any call to a Reset or Stop method, no stale values prepared before that call will be sent or received after the call. Earlier versions of Go used channels with a one-element buffer, making it difficult to use Reset and Stop correctly. A visible effect of this change is that len and cap of timer channels now return 0 instead of 1, which may affect programs that poll the length to decide whether a receive on the timer channel will succeed. Such code should use a non-blocking receive instead. These new behaviors are only enabled when the main Go program is in a module with a go.mod go line using Go 1.23.0 or later.
  When Go 1.23 builds older programs, the old behaviors remain in effect. The new GODEBUG setting asynctimerchan=1 can be used to revert back to asynchronous channel behaviors even when a program names Go 1.23.0 or later in its go.mod file.
* unique: The new unique package provides facilities for canonicalizing values (like "interning" or "hash-consing"). Any value of comparable type may be canonicalized with the new Make[T] function, which produces a reference to a canonical copy of the value in the form of a Handle[T]. Two Handle[T] are equal if and only if the values used to produce the handles are equal, allowing programs to deduplicate values and reduce their memory footprint. Comparing two Handle[T] values is efficient, reducing down to a simple pointer comparison.
* iter: The new iter package provides the basic definitions for working with user-defined iterators.
* slices: The slices package adds several functions that work with iterators:
  * All returns an iterator over slice indexes and values.
  * Values returns an iterator over slice elements.
  * Backward returns an iterator that loops over a slice backward.
  * Collect collects values from an iterator into a new slice.
  * AppendSeq appends values from an iterator to an existing slice.
  * Sorted collects values from an iterator into a new slice, and then sorts the slice.
  * SortedFunc is like Sorted but with a comparison function.
  * SortedStableFunc is like SortFunc but uses a stable sort algorithm.
  * Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice.
* maps: The maps package adds several functions that work with iterators:
  * All returns an iterator over key-value pairs from a map.
  * Keys returns an iterator over keys in a map.
  * Values returns an iterator over values in a map.
  * Insert adds the key-value pairs from an iterator to an existing map.
  * Collect collects key-value pairs from an iterator into a new map and returns it.
* structs: The new structs package provides types for struct fields that modify properties of the containing struct type such as memory layout. In this release, the only such type is HostLayout which indicates that a structure with a field of that type has a layout that conforms to host platform expectations.
* Minor changes to the standard library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind.
* archive/tar: If the argument to FileInfoHeader implements the new FileInfoNames interface, then the interface methods will be used to set the Uname/Gname of the file header. This allows applications to override the system-dependent Uname/Gname lookup.
* crypto/tls: The TLS client now supports the Encrypted Client Hello draft specification. This feature can be enabled by setting the Config.EncryptedClientHelloConfigList field to an encoded ECHConfigList for the host that is being connected to.
* crypto/tls: The QUICConn type used by QUIC implementations includes new events reporting on the state of session resumption, and provides a way for the QUIC layer to add data to session tickets and session cache entries.
* crypto/tls: 3DES cipher suites were removed from the default list used when Config.CipherSuites is nil. The default can be reverted by adding tls3des=1 to the GODEBUG environment variable.
* crypto/tls: The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable.
* crypto/tls: Go 1.23 changed the behavior of X509KeyPair and LoadX509KeyPair to populate the Certificate.Leaf field of the returned Certificate. The new x509keypairleaf GODEBUG setting is added for this behavior.
* crypto/x509: CreateCertificateRequest now correctly supports RSA-PSS signature algorithms.
* crypto/x509: CreateCertificateRequest and CreateRevocationList now verify the generated signature using the signer's public key. If the signature is invalid, an error is returned. This has been the behavior of CreateCertificate since Go 1.16.
* crypto/x509: The x509sha1 GODEBUG setting will be removed in the next Go major release (Go 1.24). This will mean that crypto/x509 will no longer support verifying signatures on certificates that use SHA-1 based signature algorithms.
* crypto/x509: The new ParseOID function parses a dot-encoded ASN.1 Object Identifier string. The OID type now implements the encoding.BinaryMarshaler, encoding.BinaryUnmarshaler, encoding.TextMarshaler, encoding.TextUnmarshaler interfaces. database/sql
* crypto/x509: Errors returned by driver.Valuer implementations are now wrapped for improved error handling during operations like DB.Query, DB.Exec, and DB.QueryRow.
* debug/elf: The debug/elf package now defines PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD binaries.
* debug/elf: Now defines the symbol type constants STT_RELC, STT_SRELC, and STT_GNU_IFUNC.
* encoding/binary The new Encode and Decode functions are byte slice equivalents to Read and Write. Append allows marshaling multiple data into the same byte slice.
* go/ast: The new Preorder function returns a convenient iterator over all the nodes of a syntax tree.
* go/types: The Func type, which represents a function or method symbol, now has a Func.Signature method that returns the function's type, which is always a Signature.
* go/types: The Alias type now has an Rhs method that returns the type on the right-hand side of its declaration: given type A = B, the Rhs of A is B. (go#66559)
* go/types: The methods Alias.Origin, Alias.SetTypeParams, Alias.TypeParams, and Alias.TypeArgs have been added. They are needed for generic alias types.
* go/types: By default, go/types now produces Alias type nodes for type aliases. This behavior can be controlled by the GODEBUG gotypesalias flag. Its default has changed from 0 in Go 1.22 to 1 in Go 1.23.
* math/rand/v2: The Uint function and Rand.Uint method have been added. They were inadvertently left out of Go 1.22.
* math/rand/v2: The new ChaCha8.Read method implements the io.Reader interface.
* net: The new type KeepAliveConfig permits fine-tuning the keep-alive options for TCP connections, via a new TCPConn.SetKeepAliveConfig method and new KeepAliveConfig fields for Dialer and ListenConfig.
* net: The DNSError type now wraps errors caused by timeouts or cancellation. For example, errors.Is(someDNSErr, context.DeadlineExceeded) will now report whether a DNS error was caused by a timeout.
* net: The new GODEBUG setting netedns0=0 disables sending EDNS0 additional headers on DNS requests, as they reportedly break the DNS server on some modems.
* net/http: Cookie now preserves double quotes surrounding a cookie value. The new Cookie.Quoted field indicates whether the Cookie.Value was originally quoted.
* net/http: The new Request.CookiesNamed method retrieves all cookies that match the given name.
* net/http: The new Cookie.Partitioned field identifies cookies with the Partitioned attribute.
* net/http: The patterns used by ServeMux now allow one or more spaces or tabs after the method name. Previously, only a single space was permitted.
* net/http: The new ParseCookie function parses a Cookie header value and returns all the cookies which were set in it. Since the same cookie name can appear multiple times the returned Values can contain more than one value for a given key.
* net/http: The new ParseSetCookie function parses a Set-Cookie header value and returns a cookie. It returns an error on syntax error.
* net/http: ServeContent, ServeFile, and ServeFileFS now remove the Cache-Control, Content-Encoding, Etag, and Last-Modified headers when serving an error. These headers usually apply to the non-error content, but not to the text of errors.
* net/http: Middleware which wraps a ResponseWriter and applies on-the-fly encoding, such as Content-Encoding: gzip, will not function after this change. The previous behavior of ServeContent, ServeFile, and ServeFileFS may be restored by setting GODEBUG=httpservecontentkeepheaders=1. Note that middleware which changes the size of the served content (such as by compressing it) already does not function properly when ServeContent handles a Range request. On-the-fly compression should use the Transfer-Encoding header instead of Content-Encoding.
* net/http: For inbound requests, the new Request.Pattern field contains the ServeMux pattern (if any) that matched the request. This field is not set when GODEBUG=httpmuxgo121=1 is set.
* net/http/httptest: The new NewRequestWithContext method creates an incoming request with a context.Context.
* net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to compare an Addr holding an IPv4 address to one holding the IPv4-mapped IPv6 form of that address incorrectly returned true, even though the Addr values were different when comparing with == or Addr.Compare. This bug is now fixed and all three approaches now report the same result.
* os: The Stat function now sets the ModeSocket bit for files that are Unix sockets on Windows. These files are identified by having a reparse tag set to IO_REPARSE_TAG_AF_UNIX.
* os: On Windows, the mode bits reported by Lstat and Stat for reparse points changed. Mount points no longer have ModeSymlink set, and reparse points that are not symlinks, Unix sockets, or dedup files now always have ModeIrregular set. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0.
* os: The CopyFS function copies an io/fs.FS into the local filesystem.
* os: On Windows, Readlink no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0.
* os: On Linux with pidfd support (generally Linux v5.4+), Process-related functions and methods use pidfd (rather than PID) internally, eliminating potential mistargeting when a PID is reused by the OS. Pidfd support is fully transparent to a user, except for additional process file descriptors that a process may have.
* path/filepath: The new Localize function safely converts a slash-separated path into an operating system path.
* path/filepath: On Windows, EvalSymlinks no longer evaluates mount points, which was a source of many inconsistencies and bugs. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0.
* path/filepath: On Windows, EvalSymlinks no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0.
* reflect: The new methods synonymous with the methods of the same name in Value are added to Type:
  * Type.OverflowComplex
  * Type.OverflowFloat
  * Type.OverflowInt
  * Type.OverflowUint
* reflect: The new SliceAt function is analogous to NewAt, but for slices.
* reflect: The Value.Pointer and Value.UnsafePointer methods now support values of kind String.
* reflect: The new methods Value.Seq and Value.Seq2 return sequences that iterate over the value as though it were used in a for/range loop. The new methods Type.CanSeq and Type.CanSeq2 report whether calling Value.Seq and Value.Seq2, respectively, will succeed without panicking.
* runtime/debug: The SetCrashOutput function allows the user to specify an alternate file to which the runtime should write its fatal crash report. It may be used to construct an automated reporting mechanism for all unexpected crashes, not just those in goroutines that explicitly use recover.
* runtime/pprof: The maximum stack depth for alloc, mutex, block, threadcreate and goroutine profiles has been raised from 32 to 128 frames.
* runtime/trace: The runtime now explicitly flushes trace data when a program crashes due to an uncaught panic. This means that more complete trace data will be available in a trace if the program crashes while tracing is active.
* slices: The Repeat function returns a new slice that repeats the provided slice the given number of times.
* sync: The Map.Clear method deletes all the entries, resulting in an empty Map. It is analogous to clear.
* sync/atomic: The new And and Or operators apply a bitwise AND or OR to the given input, returning the old value.
* syscall: The syscall package now defines WSAENOPROTOOPT on Windows.
* syscall: The GetsockoptInt function is now supported on Windows.
* testing/fstest: TestFS now returns a structured error that can be unwrapped (via method Unwrap() []error). This allows inspecting errors using errors.Is or errors.As.
* text/template: Templates now support the new "else with" action, which reduces template complexity in some use cases.
* time: Parse and ParseInLocation now return an error if the time zone offset is out of range.
* unicode/utf16: The RuneLen function returns the number of 16-bit words in the UTF-16 encoding of the rune. It returns -1 if the rune is not a valid value to encode in UTF-16.
* Port: Darwin: As announced in the Go 1.22 release notes, Go 1.23 requires macOS 11 Big Sur or later; support for previous versions has been discontinued.
* Port: Linux: Go 1.23 is the last release that requires Linux kernel version 2.6.32 or later.
  Go 1.24 will require Linux kernel version 3.17 or later, with an exception that systems running 3.10 or later will continue to be supported if the kernel has been patched to support the getrandom system call.
* Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on 64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64).
* Port: ARM64: Go 1.23 introduces a new GOARM64 environment variable, which specifies the minimum target version of the ARM64 architecture at compile time. Allowed values are v8.{0-9} and v9.{0-5}. This may be followed by an option specifying extensions implemented by target hardware. Valid options are ,lse and ,crypto. The GOARM64 environment variable defaults to v8.0.
* Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment variable, which selects the RISC-V user-mode application profile for which to compile. Allowed values are rva20u64 and rva22u64. The GORISCV64 environment variable defaults to rva20u64.
* Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm has dropped support for versions of wasmtime < 14.0.0.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3773=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3773=1

## Package List:

* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.23-openssl-doc-1.23.2.2-150000.1.3.1
  * go1.23-openssl-debuginfo-1.23.2.2-150000.1.3.1
  * go1.23-openssl-1.23.2.2-150000.1.3.1
  * go1.23-openssl-race-1.23.2.2-150000.1.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.23-openssl-doc-1.23.2.2-150000.1.3.1
  * go1.23-openssl-debuginfo-1.23.2.2-150000.1.3.1
  * go1.23-openssl-1.23.2.2-150000.1.3.1
  * go1.23-openssl-race-1.23.2.2-150000.1.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34155.html
* https://www.suse.com/security/cve/CVE-2024-34156.html
* https://www.suse.com/security/cve/CVE-2024-34158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229122
* https://bugzilla.suse.com/show_bug.cgi?id=1230252
* https://bugzilla.suse.com/show_bug.cgi?id=1230253
* https://bugzilla.suse.com/show_bug.cgi?id=1230254
* https://jira.suse.com/browse/SLE-18320
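A check a defender can run after installing this update, as an added example that is not part of the SUSE advisory or of the Go project's code: it classifies a Go toolchain version, or the version embedded in a compiled binary, against the first fixed releases these advisories name for CVE-2024-34155, CVE-2024-34156 and CVE-2024-34158 (go1.23.1 and go1.22.7). It assumes upstream-style version strings such as go1.23.2; the names Classify, CheckBinary and firstFixed are illustrative.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"regexp"
	"strconv"
)

// Status relates a Go toolchain version to the fixes for CVE-2024-34155,
// CVE-2024-34156 and CVE-2024-34158 named in the advisories.
type Status int

const (
	NotCovered Status = iota // unparsable, or a release line the advisories do not mention
	Vulnerable               // 1.22.x or 1.23.x older than the first fixed patch release
	Fixed                    // at or past the first fixed patch release
)

func (s Status) String() string {
	return [...]string{"not covered", "vulnerable", "fixed"}[s]
}

// firstFixed maps a release line to the first patch release carrying the
// fixes, as stated in the advisories: go1.22.7 and go1.23.1.
var firstFixed = map[string]int{"1.22": 7, "1.23": 1}

// Assumption: upstream-style version strings ("go1.23.2", "go1.23rc2",
// "go1.22.5 X:boringcrypto"); anything after the version number is ignored.
var versionRE = regexp.MustCompile(`^go(\d+)\.(\d+)(?:\.(\d+))?((?:rc|beta)\d+)?`)

// Classify reports whether the toolchain named by goVersion includes the fixes.
func Classify(goVersion string) Status {
	m := versionRE.FindStringSubmatch(goVersion)
	if m == nil {
		return NotCovered // for example a "devel ..." build
	}
	fixed, ok := firstFixed[m[1]+"."+m[2]]
	if !ok {
		return NotCovered
	}
	patch := 0
	if m[3] != "" {
		n, err := strconv.Atoi(m[3])
		if err != nil {
			return NotCovered
		}
		patch = n
	}
	if m[4] != "" {
		patch = -1 // release candidates and betas predate every patch release
	}
	if patch >= fixed {
		return Fixed
	}
	return Vulnerable
}

// CheckBinary reads the toolchain version recorded in a compiled Go binary.
// The standard library is linked into the binary, so a program that uses
// encoding/gob, go/parser or go/build/constraint keeps the old code until it
// is rebuilt with a fixed toolchain.
func CheckBinary(path string) (string, Status, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", NotCovered, err
	}
	return info.GoVersion, Classify(info.GoVersion), nil
}

func main() {
	// Usage: pass paths of Go binaries; with no arguments the program checks itself.
	paths := os.Args[1:]
	if len(paths) == 0 {
		self, err := os.Executable()
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
		paths = []string{self}
	}
	exit := 0
	for _, p := range paths {
		version, status, err := CheckBinary(p)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", p, err)
			continue
		}
		fmt.Printf("%s\t%s\t%s\n", p, version, status)
		if status == Vulnerable {
			exit = 1
		}
	}
	os.Exit(exit)
}
```

A non-zero exit status means at least one binary was built with a 1.22.x or 1.23.x toolchain older than the fixed release and needs a rebuild, not only a toolchain update.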
From null at suse.de Tue Oct 29 16:30:35 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 16:30:35 -0000
Subject: SUSE-SU-2024:3772-1: important: Security update for go1.22-openssl
Message-ID: <173021943503.7152.7108752050569055777@smelt2.prg2.suse.org>

# Security update for go1.22-openssl

Announcement ID: SUSE-SU-2024:3772-1
Release Date: 2024-10-29T13:54:03Z
Rating: important
References:

* bsc#1218424
* bsc#1219988
* bsc#1220999
* bsc#1221000
* bsc#1221001
* bsc#1221002
* bsc#1221003
* bsc#1221400
* bsc#1224017
* bsc#1224018
* bsc#1225973
* bsc#1225974
* bsc#1227314
* bsc#1230252
* bsc#1230253
* bsc#1230254
* jsc#PED-1962
* jsc#SLE-18320

Cross-References:

* CVE-2023-45288
* CVE-2023-45289
* CVE-2023-45290
* CVE-2024-24783
* CVE-2024-24784
* CVE-2024-24785
* CVE-2024-24787
* CVE-2024-24788
* CVE-2024-24789
* CVE-2024-24790
* CVE-2024-24791
* CVE-2024-34155
* CVE-2024-34156
* CVE-2024-34158

CVSS scores:

* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24787 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24788 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-24789 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24789 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24790 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-24790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24791 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34155 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 14 vulnerabilities, contains two features and has two security fixes can now be installed.

## Description:

This update for go1.22-openssl fixes the following issues:

This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320)

* Update to version 1.22.7.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.7-1-openssl-fips.
* Update to Go 1.22.7 (#229)
* go1.22.7 (released 2024-09-05) includes security fixes to the encoding/gob, go/build/constraint, and go/parser packages, as well as bug fixes to the fix command and the runtime.
  CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
  * go#69142 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155)
  * go#69144 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156)
  * go#69148 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158)
  * go#68811 os: TestChtimes failures
  * go#68825 cmd/fix: fails to run on modules whose go directive value is in "1.n.m" format introduced in Go 1.21.0
  * go#68972 cmd/cgo: aix c-archive corrupting stack
* go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages.
  * go#68594 cmd/compile: internal compiler error with zero-size types
  * go#68546 cmd/trace/v2: pprof profiles always empty
  * go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop
  * go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
  * go#68370 go/types: assertion failure in recent range statement checking logic
  * go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows
  * go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race
  * go#68222 cmd/go: list with -export and -covermode=atomic fails to build
  * go#68198 cmd/link: issues with Xcode 16 beta
* Update to version 1.22.5.3 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-3-openssl-fips.
* Only load openssl if fips == "1". Avoid loading openssl whenever GOLANG_FIPS is not 1. Previously only an unset variable would cause the library load to be skipped, but users may also expect to be able to set e.g. GOLANG_FIPS=0 in environments without openssl.
* Update to version 1.22.5.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-2-openssl-fips.
* Only load OpenSSL when in FIPS mode
* Update to version 1.22.5.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-1-openssl-fips.
* Update to go1.22.5
* go1.22.5 (released 2024-07-02) includes security fixes to the net/http package, as well as bug fixes to the compiler, cgo, the go command, the linker, the runtime, and the crypto/tls, go/types, net, net/http, and os/exec packages. CVE-2024-24791:
  * go#68200 go#67555 bsc#1227314 security: fix CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways
  * go#65983 cmd/compile: hash of unhashable type
  * go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault()
  * go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without ".exe" no longer implicitly adds ".exe" in Go 1.22
  * go#67298 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds
  * go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders
  * go#67798 cmd/compile: internal compiler error: unexpected type: () in for-range
  * go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec
  * go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0
  * go#67934 net: go DNS resolver fails to connect to local DNS server
  * go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure
  * go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N)
  * go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT))
* Update to version 1.22.4.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.4-1-openssl-fips.
* Update to go1.22.4
* go1.22.4 (released 2024-06-04) includes security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the os package. CVE-2024-24789 CVE-2024-24790:
  * go#67554 go#66869 bsc#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations
  * go#67682 go#67680 bsc#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
  * go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes
  * go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64
  * go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21'
  * go#67258 runtime: unexpected fault address 0
  * go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally
  * go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID
  * go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections
  * go#67460 cmd/compile: internal compiler error: panic with range over integer value
  * go#67527 cmd/link: panic: machorelocsect: size mismatch
  * go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start
  * go#67696 os: RemoveAll susceptible to symlink race
* Update to version 1.22.3.3 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-3-openssl-fips.
* config: update openssl backend (#201)
* Update to version 1.22.3.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-2-openssl-fips.
* patches: restore signature of HashSign/HashVerify (#199)
* Update to version 1.22.3.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-1-openssl-fips.
* Update to go1.22.3
* fix: rename patch file
* Backport change https://go-review.googlesource.com/c/go/+/554615 to Go1.22 (#193) runtime: crash asap and extend total sleep time for slow machine in test. Running with few threads usually does not need 500ms to crash, so let it crash as soon as possible. While the test may cause more time on slow machine, try to expand the sleep time in test.
* cmd/go: re-enable CGO for Go toolchain commands (#190)
* crypto/ecdsa: Restore HashSign and HashVerify (#189)
* go1.22.3 (released 2024-05-07) includes security fixes to the go command and the net package, as well as bug fixes to the compiler, the runtime, and the net/http package. CVE-2024-24787 CVE-2024-24788:
  * go#67122 go#67119 bsc#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin
  * go#67040 go#66754 bsc#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode
  * go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
  * go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE
  * go#66886 runtime: deterministic fallback hashes across process boundary
  * go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net at v0.23.0
* Update to version 1.22.2.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.2-1-openssl-fips.
* Update to go1.22.2
* go1.22.2 (released 2024-04-03) includes a security fix to the net/http package, as well as bug fixes to the compiler, the go command, the linker, and the encoding/gob, go/types, net/http, and runtime/trace packages.
  CVE-2023-45288:
  * go#66298 go#65051 bsc#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers
  * go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1
  * go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation
  * go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64
  * go#66134 cmd/compile: go test . results in CLOSURE ... : internal compiler error: assertion failed
  * go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument
  * go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr
  * go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows
  * go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock
  * go#66256 cmd/go: git shallow fetches broken at CL 556358
  * go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22
  * go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le
* Update to version 1.22.1.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.1-2-openssl-fips.
* config: Update openssl v2 module (#178)
* Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so.
* Continue to build experimental libstd only on go1.x Tumbleweed.
* Removal fixes build errors on go1.x-openssl Factory and ALP.
* Use of libstd.so is experimental and not recommended for general use, Go currently has no ABI.
* Feature go build -buildmode=shared is deprecated by upstream, but not yet removed.
* Initial package go1.22-openssl version 1.22.1.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.1-1-openssl-fips.
* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream Go maintenance releases.
* go1.22.1 (released 2024-03-05) includes security fixes to the crypto/x509, html/template, net/http, net/http/cookiejar, and net/mail packages, as well as bug fixes to the compiler, the go command, the runtime, the trace command, and the go/types and net/http packages.
  CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785:
  * go#65831 go#65390 bsc#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
  * go#65849 go#65083 bsc#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
  * go#65850 go#65383 bsc#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
  * go#65859 go#65065 bsc#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
  * go#65969 go#65697 bsc#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
  * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module
  * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
  * go#65474 internal/testenv: support LUCI mobile builders in testenv tests
  * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently
  * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change
  * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0
  * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
  * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer
  * go#65728 go/types: nil pointer dereference in Alias.Underlying()
  * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22
  * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux
  * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer
  * go#65852 cmd/go: "missing ziphash" error with go.work
  * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms
* bsc#1219988 ensure VERSION file is present in GOROOT as
  required by go tool dist and go tool distpack
* go1.22 (released 2024-02-06) is a major release of Go. go1.22.x minor releases will be provided through February 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.22 arrives six months after go1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
* Language change: go1.22 makes two changes to for loops. Previously, the variables declared by a for loop were created once and updated by each iteration. In go1.22, each iteration of the loop creates new variables, to avoid accidental sharing bugs. The transition support tooling described in the proposal continues to work in the same way it did in Go 1.21.
* Language change: For loops may now range over integers
* Language change: go1.22 includes a preview of a language change we are considering for a future version of Go: range-over-function iterators. Building with GOEXPERIMENT=rangefunc enables this feature.
* go command: Commands in workspaces can now use a vendor directory containing the dependencies of the workspace. The directory is created by go work vendor, and used by build commands when the -mod flag is set to vendor, which is the default when a workspace vendor directory is present. Note that the vendor directory's contents for a workspace are different from those of a single module: if the directory at the root of a workspace also contains one of the modules in the workspace, its vendor directory can contain the dependencies of either the workspace or of the module, but not both.
* go get is no longer supported outside of a module in the legacy GOPATH mode (that is, with GO111MODULE=off). Other build commands, such as go build and go test, will continue to work indefinitely for legacy GOPATH programs.
* go mod init no longer attempts to import module requirements from configuration files for other vendoring tools (such as Gopkg.lock).
* go test -cover now prints coverage summaries for covered packages that do not have their own test files. Prior to Go 1.22 a go test -cover run for such a package would report:

      ? mymod/mypack [no test files]

  and now with go1.22, functions in the package are treated as uncovered:

      mymod/mypack coverage: 0.0% of statements

  Note that if a package contains no executable code at all, we can't report a meaningful coverage percentage; for such packages the go tool will continue to report that there are no test files.
* trace: The trace tool's web UI has been gently refreshed as part of the work to support the new tracer, resolving several issues and improving the readability of various sub-pages. The web UI now supports exploring traces in a thread-oriented view. The trace viewer also now displays the full duration of all system calls. These improvements only apply for viewing traces produced by programs built with go1.22 or newer. A future release will bring some of these improvements to traces produced by older versions of Go.
* vet: References to loop variables. The behavior of the vet tool has changed to match the new semantics (see above) of loop variables in go1.22. When analyzing a file that requires go1.22 or newer (due to its go.mod file or a per-file build constraint), vet no longer reports references to loop variables from within a function literal that might outlive the iteration of the loop. In Go 1.22, loop variables are created anew for each iteration, so such references are no longer at risk of using a variable after it has been updated by the loop.
* vet: New warnings for missing values after append. The vet tool now reports calls to append that pass no values to be appended to the slice, such as slice = append(slice). Such a statement has no effect, and experience has shown that is nearly always a mistake.
* vet: New warnings for deferring time.Since. The vet tool now reports a non-deferred call to time.Since(t) within a defer statement. This is equivalent to calling time.Now().Sub(t) before the defer statement, not when the deferred function is called. In nearly all cases, the correct code requires deferring the time.Since call.
* vet: New warnings for mismatched key-value pairs in log/slog calls. The vet tool now reports invalid arguments in calls to functions and methods in the structured logging package, log/slog, that accept alternating key/value pairs. It reports calls where an argument in a key position is neither a string nor a slog.Attr, and where a final key is missing its value.
* runtime: The runtime now keeps type-based garbage collection metadata nearer to each heap object, improving the CPU performance (latency or throughput) of Go programs by 1-3%. This change also reduces the memory overhead of the majority of Go programs by approximately 1% by deduplicating redundant metadata. Some programs may see a smaller improvement because this change adjusts the size class boundaries of the memory allocator, so some objects may be moved up a size class. A consequence of this change is that some objects' addresses that were previously always aligned to a 16 byte (or higher) boundary will now only be aligned to an 8 byte boundary. Some programs that use assembly instructions that require memory addresses to be more than 8-byte aligned and rely on the memory allocator's previous alignment behavior may break, but we expect such programs to be rare. Such programs may be built with GOEXPERIMENT=noallocheaders to revert to the old metadata layout and restore the previous alignment behavior, but package owners should update their assembly code to avoid the alignment assumption, as this workaround will be removed in a future release.
* runtime: On the windows/amd64 port, programs linking or loading Go libraries built with -buildmode=c-archive or -buildmode=c-shared can now use the SetUnhandledExceptionFilter Win32 function to catch exceptions not handled by the Go runtime. Note that this was already supported on the windows/386 port.
* compiler: Profile-guided Optimization (PGO) builds can now devirtualize a higher proportion of calls than previously possible. Most programs from a representative set of Go programs now see between 2 and 14% improvement from enabling PGO.
* compiler: The compiler now interleaves devirtualization and inlining, so interface method calls are better optimized.
* compiler: go1.22 also includes a preview of an enhanced implementation of the compiler's inlining phase that uses heuristics to boost inlinability at call sites deemed "important" (for example, in loops) and discourage inlining at call sites deemed "unimportant" (for example, on panic paths). Building with GOEXPERIMENT=newinliner enables the new call-site heuristics; see issue #61502 for more info and to provide feedback.
* linker: The linker's -s and -w flags now behave more consistently across all platforms. The -w flag suppresses DWARF debug information generation. The -s flag suppresses symbol table generation. The -s flag also implies the -w flag, which can be negated with -w=0. That is, -s -w=0 will generate a binary with DWARF debug information generation but without the symbol table.
* linker: On ELF platforms, the -B linker flag now accepts a special form: with -B gobuildid, the linker will generate a GNU build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go build ID.
* linker: On Windows, when building with -linkmode=internal, the linker now preserves SEH information from C object files by copying the .pdata and .xdata sections into the final binary. This helps with debugging and profiling binaries using native tools, such as WinDbg.
  Note that until now, C functions' SEH exception handlers were not being honored, so this change may cause some programs to behave differently. -linkmode=external is not affected by this change, as external linkers already preserve SEH information.
* bootstrap: As mentioned in the Go 1.20 release notes, go1.22 now requires the final point release of Go 1.20 or later for bootstrap. We expect that Go 1.24 will require the final point release of go1.22 or later for bootstrap.
* core library: New math/rand/v2 package: go1.22 includes the first "v2" package in the standard library, math/rand/v2. The changes compared to math/rand are detailed in proposal go#61716. The most important changes are:
  * The Read method, deprecated in math/rand, was not carried forward for math/rand/v2. (It remains available in math/rand.) The vast majority of calls to Read should use crypto/rand's Read instead. Otherwise a custom Read can be constructed using the Uint64 method.
  * The global generator accessed by top-level functions is unconditionally randomly seeded. Because the API guarantees no fixed sequence of results, optimizations like per-thread random generator states are now possible.
  * The Source interface now has a single Uint64 method; there is no Source64 interface.
  * Many methods now use faster algorithms that were not possible to adopt in math/rand because they changed the output streams.
  * The Intn, Int31, Int31n, Int63, and Int64n top-level functions and methods from math/rand are spelled more idiomatically in math/rand/v2: IntN, Int32, Int32N, Int64, and Int64N. There are also new top-level functions and methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN.
  * The new generic function N is like Int64N or Uint64N but works for any integer type. For example a random duration from 0 up to 5 minutes is rand.N(5*time.Minute).
  * The Mitchell & Reeds LFSR generator provided by math/rand's Source has been replaced by two more modern pseudo-random generator sources: ChaCha8 and PCG.
    ChaCha8 is a new, cryptographically strong random number generator roughly similar to PCG in efficiency. ChaCha8 is the algorithm used for the top-level functions in math/rand/v2. As of go1.22, math/rand's top-level functions (when not explicitly seeded) and the Go runtime also use ChaCha8 for randomness.
  * We plan to include an API migration tool in a future release, likely Go 1.23.
* core library: New go/version package: The new go/version package implements functions for validating and comparing Go version strings.
* core library: Enhanced routing patterns: HTTP routing in the standard library is now more expressive. The patterns used by net/http.ServeMux have been enhanced to accept methods and wildcards. This change breaks backwards compatibility in small ways, some obvious (patterns with "{" and "}" behave differently) and some less so (treatment of escaped paths has been improved). The change is controlled by a GODEBUG field named httpmuxgo121. Set httpmuxgo121=1 to restore the old behavior.
* Minor changes to the library. As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here.
* archive/tar: The new method Writer.AddFS adds all of the files from an fs.FS to the archive.
* archive/zip: The new method Writer.AddFS adds all of the files from an fs.FS to the archive.
* bufio: When a SplitFunc returns ErrFinalToken with a nil token, Scanner will now stop immediately. Previously, it would report a final empty token before stopping, which was usually not desired. Callers that do want to report a final empty token can do so by returning []byte{} rather than nil.
* cmp: The new function Or returns the first in a sequence of values that is not the zero value.
* crypto/tls: ConnectionState.ExportKeyingMaterial will now return an error unless TLS 1.3 is in use, or the extended_master_secret extension is supported by both the server and client. crypto/tls has supported this extension since Go 1.20. This can be disabled with the tlsunsafeekm=1 GODEBUG setting.
* crypto/tls: By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with config.MinimumVersion, matching the behavior of crypto/tls clients. This change can be reverted with the tls10server=1 GODEBUG setting.
* crypto/tls: By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting.
* crypto/x509: The new CertPool.AddCertWithConstraint method can be used to add customized constraints to root certificates to be applied during chain building.
* crypto/x509: On Android, root certificates will now be loaded from /data/misc/keychain/certs-added as well as /system/etc/security/cacerts.
* crypto/x509: A new type, OID, supports ASN.1 Object Identifiers with individual components larger than 31 bits. A new field which uses this type, Policies, is added to the Certificate struct, and is now populated during parsing. Any OIDs which cannot be represented using an asn1.ObjectIdentifier will appear in Policies, but not in the old PolicyIdentifiers field. When calling CreateCertificate, the Policies field is ignored, and policies are taken from the PolicyIdentifiers field. Using the x509usepolicies=1 GODEBUG setting inverts this, populating certificate policies from the Policies field, and ignoring the PolicyIdentifiers field. We may change the default value of x509usepolicies in Go 1.23, making Policies the default field for marshaling.
* database/sql: The new Null[T] type provides a way to scan nullable columns for any column types.
* debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64 systems.
  Additional R_LARCH_* constants are defined for use with LoongArch systems.
* encoding: The new methods AppendEncode and AppendDecode added to each of the Encoding types in the packages encoding/base32, encoding/base64, and encoding/hex simplify encoding and decoding from and to byte slices by taking care of byte slice buffer management.
* encoding: The methods base32.Encoding.WithPadding and base64.Encoding.WithPadding now panic if the padding argument is a negative value other than NoPadding.
* encoding/json: Marshaling and encoding functionality now escapes '\b' and '\f' characters as \b and \f instead of \u0008 and \u000c.
* go/ast: The following declarations related to syntactic identifier resolution are now deprecated: Ident.Obj, Object, Scope, File.Scope, File.Unresolved, Importer, Package, NewPackage. In general, identifiers cannot be accurately resolved without type information. Consider, for example, the identifier K in T{K: ""}: it could be the name of a local variable if T is a map type, or the name of a field if T is a struct type. New programs should use the go/types package to resolve identifiers; see Object, Info.Uses, and Info.Defs for details.
* go/ast: The new ast.Unparen function removes any enclosing parentheses from an expression.
* go/types: The new Alias type represents type aliases. Previously, type aliases were not represented explicitly, so a reference to a type alias was equivalent to spelling out the aliased type, and the name of the alias was lost. The new representation retains the intermediate Alias. This enables improved error reporting (the name of a type alias can be reported), and allows for better handling of cyclic type declarations involving type aliases. In a future release, Alias types will also carry type parameter information. The new function Unalias returns the actual type denoted by an Alias type (or any other Type for that matter).
* go/types: Because Alias types may break existing type switches that do not know to check for them, this functionality is controlled by a GODEBUG field named gotypesalias. With gotypesalias=0, everything behaves as before, and Alias types are never created. With gotypesalias=1, Alias types are created and clients must expect them. The default is gotypesalias=0. In a future release, the default will be changed to gotypesalias=1. Clients of go/types are urged to adjust their code as soon as possible to work with gotypesalias=1 to eliminate problems early.
* go/types: The Info struct now exports the FileVersions map which provides per-file Go version information.
* go/types: The new helper method PkgNameOf returns the local package name for the given import declaration.
* go/types: The implementation of SizesFor has been adjusted to compute the same type sizes as the compiler when the compiler argument for SizesFor is "gc". The default Sizes implementation used by the type checker is now types.SizesFor("gc", "amd64").
* go/types: The start position (Pos) of the lexical environment block (Scope) that represents a function body has changed: it used to start at the opening curly brace of the function body, but now starts at the function's func token.
* html/template: Javascript template literals may now contain Go template actions, and parsing a template containing one will no longer return ErrJSTemplate. Similarly the GODEBUG setting jstmpllitinterp no longer has any effect.
* io: The new SectionReader.Outer method returns the ReaderAt, offset, and size passed to NewSectionReader.
* log/slog: The new SetLogLoggerLevel function controls the level for the bridge between the `slog` and `log` packages. It sets the minimum level for calls to the top-level `slog` logging functions, and it sets the level for calls to `log.Logger` that go through `slog`.
* math/big: The new method Rat.FloatPrec computes the number of fractional decimal digits required to represent a rational number accurately as a floating-point number, and whether accurate decimal representation is possible in the first place.
* net: When io.Copy copies from a TCPConn to a UnixConn, it will now use Linux's splice(2) system call if possible, using the new method TCPConn.WriteTo.
* net: The Go DNS Resolver, used when building with "-tags=netgo", now searches for a matching name in the Windows hosts file, located at %SystemRoot%\System32\drivers\etc\hosts, before making a DNS query.
* net/http: The new functions ServeFileFS, FileServerFS, and NewFileTransportFS are versions of the existing ServeFile, FileServer, and NewFileTransport, operating on an fs.FS.
* net/http: The HTTP server and client now reject requests and responses containing an invalid empty Content-Length header. The previous behavior may be restored by setting GODEBUG field httplaxcontentlength=1.
* net/http: The new method Request.PathValue returns path wildcard values from a request and the new method Request.SetPathValue sets path wildcard values on a request.
* net/http/cgi: When executing a CGI process, the PATH_INFO variable is now always set to the empty string or a value starting with a / character, as required by RFC 3875. It was previously possible for some combinations of Handler.Root and request URL to violate this requirement.
* net/netip: The new AddrPort.Compare method compares two AddrPorts.
* os: On Windows, the Stat function now follows all reparse points that link to another named entity in the system. It was previously only following IO_REPARSE_TAG_SYMLINK and IO_REPARSE_TAG_MOUNT_POINT reparse points.
* os: On Windows, passing O_SYNC to OpenFile now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms.
* os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and File.Readdirnames functions now read directory entries in batches to reduce the number of system calls, improving performance up to 30%.
* os: When io.Copy copies from a File to a net.UnixConn, it will now use Linux's sendfile(2) system call if possible, using the new method File.WriteTo.
* os/exec: On Windows, LookPath now ignores empty entries in %PATH%, and returns ErrNotFound (instead of ErrNotExist) if no executable file extension is found to resolve an otherwise-unambiguous name.
* os/exec: On Windows, Command and Cmd.Start no longer call LookPath if the path to the executable is already absolute and has an executable file extension. In addition, Cmd.Start no longer writes the resolved extension back to the Path field, so it is now safe to call the String method concurrently with a call to Start.
* reflect: The Value.IsZero method will now return true for a floating-point or complex negative zero, and will return true for a struct value if a blank field (a field named _) somehow has a non-zero value. These changes make IsZero consistent with comparing a value to zero using the language == operator.
* reflect: The PtrTo function is deprecated, in favor of PointerTo.
* reflect: The new function TypeFor returns the Type that represents the type argument T. Previously, to get the reflect.Type value for a type, one had to use reflect.TypeOf((*T)(nil)).Elem(). This may now be written as reflect.TypeFor[T]().
* runtime/metrics: Four new histogram metrics /sched/pauses/stopping/gc:seconds, /sched/pauses/stopping/other:seconds, /sched/pauses/total/gc:seconds, and /sched/pauses/total/other:seconds provide additional details about stop-the-world pauses. The "stopping" metrics report the time taken from deciding to stop the world until all goroutines are stopped. The "total" metrics report the time taken from deciding to stop the world until it is started again.
* runtime/metrics: The /gc/pauses:seconds metric is deprecated, as it is equivalent to the new /sched/pauses/total/gc:seconds metric.
* runtime/metrics: /sync/mutex/wait/total:seconds now includes contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex.
* runtime/pprof: Mutex profiles now scale contention by the number of goroutines blocked on the mutex. This provides a more accurate representation of the degree to which a mutex is a bottleneck in a Go program. For instance, if 100 goroutines are blocked on a mutex for 10 milliseconds, a mutex profile will now record 1 second of delay instead of 10 milliseconds of delay.
* runtime/pprof: Mutex profiles also now include contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. Contention on runtime-internal locks is always reported at runtime._LostContendedRuntimeLock. A future release will add complete stack traces in these cases.
* runtime/pprof: CPU profiles on Darwin platforms now contain the process's memory map, enabling the disassembly view in the pprof tool.
* runtime/trace: The execution tracer has been completely overhauled in this release, resolving several long-standing issues and paving the way for new use-cases for execution traces.
* runtime/trace: Execution traces now use the operating system's clock on most platforms (Windows excluded) so it is possible to correlate them with traces produced by lower-level components. Execution traces no longer depend on the reliability of the platform's clock to produce a correct trace. Execution traces are now partitioned regularly on-the-fly and as a result may be processed in a streamable way. Execution traces now contain complete durations for all system calls. Execution traces now contain information about the operating system threads that goroutines executed on. The latency impact of starting and stopping execution traces has been dramatically reduced. Execution traces may now begin or end during the garbage collection mark phase.
* runtime/trace: To allow Go developers to take advantage of these improvements, an experimental trace reading package is available at golang.org/x/exp/trace. Note that this package only works on traces produced by programs built with go1.22 at the moment. Please try out the package and provide feedback on the corresponding proposal issue.
* runtime/trace: If you experience any issues with the new execution tracer implementation, you may switch back to the old implementation by building your Go program with GOEXPERIMENT=noexectracer2. If you do, please file an issue, otherwise this option will be removed in a future release.
* slices: The new function Concat concatenates multiple slices.
* slices: Functions that shrink the size of a slice (Delete, DeleteFunc, Compact, CompactFunc, and Replace) now zero the elements between the new length and the old length.
* slices: Insert now always panics if the argument i is out of range. Previously it did not panic in this situation if there were no elements to be inserted.
* syscall: The syscall package has been frozen since Go 1.4 and was marked as deprecated in Go 1.11, causing many editors to warn about any use of the package. However, some non-deprecated functionality requires use of the syscall package, such as the os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints on such code, the syscall package is no longer marked as deprecated. The package remains frozen to most new functionality, and new code remains encouraged to use golang.org/x/sys/unix or golang.org/x/sys/windows where possible.
* syscall: On Linux, the new SysProcAttr.PidFD field allows obtaining a PID FD when starting a child process via StartProcess or os/exec.
* syscall: On Windows, passing O_SYNC to Open now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms.
* testing/slogtest: The new Run function uses sub-tests to run test cases, providing finer-grained control.
* Ports: Darwin: On macOS on 64-bit x86 architecture (the darwin/amd64 port), the Go toolchain now generates position-independent executables (PIE) by default. Non-PIE binaries can be generated by specifying the -buildmode=exe build flag. On 64-bit ARM-based macOS (the darwin/arm64 port), the Go toolchain already generates PIE by default. go1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later.
* Ports: Arm: The GOARM environment variable now allows you to select whether to use software or hardware floating point. Previously, valid GOARM values were 5, 6, or 7. Now those same values can be optionally followed by ,softfloat or ,hardfloat to select the floating-point implementation. This new option defaults to softfloat for version 5 and hardfloat for versions 6 and 7.
* Ports: Loong64: The loong64 port now supports passing function arguments and results using registers. The linux/loong64 port now supports the address sanitizer, memory sanitizer, new-style linker relocations, and the plugin build mode.
* OpenBSD go1.22 adds an experimental port to OpenBSD on big-endian 64-bit PowerPC (openbsd/ppc64).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3772=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3772=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.22-openssl-debuginfo-1.22.7.1-150000.1.3.1
  * go1.22-openssl-race-1.22.7.1-150000.1.3.1
  * go1.22-openssl-doc-1.22.7.1-150000.1.3.1
  * go1.22-openssl-1.22.7.1-150000.1.3.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.22-openssl-debuginfo-1.22.7.1-150000.1.3.1
  * go1.22-openssl-race-1.22.7.1-150000.1.3.1
  * go1.22-openssl-doc-1.22.7.1-150000.1.3.1
  * go1.22-openssl-1.22.7.1-150000.1.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2023-45289.html
* https://www.suse.com/security/cve/CVE-2023-45290.html
* https://www.suse.com/security/cve/CVE-2024-24783.html
* https://www.suse.com/security/cve/CVE-2024-24784.html
* https://www.suse.com/security/cve/CVE-2024-24785.html
* https://www.suse.com/security/cve/CVE-2024-24787.html
* https://www.suse.com/security/cve/CVE-2024-24788.html
* https://www.suse.com/security/cve/CVE-2024-24789.html
* https://www.suse.com/security/cve/CVE-2024-24790.html
* https://www.suse.com/security/cve/CVE-2024-24791.html
* https://www.suse.com/security/cve/CVE-2024-34155.html
* https://www.suse.com/security/cve/CVE-2024-34156.html
* https://www.suse.com/security/cve/CVE-2024-34158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218424
* https://bugzilla.suse.com/show_bug.cgi?id=1219988
* https://bugzilla.suse.com/show_bug.cgi?id=1220999
* https://bugzilla.suse.com/show_bug.cgi?id=1221000
* https://bugzilla.suse.com/show_bug.cgi?id=1221001
* https://bugzilla.suse.com/show_bug.cgi?id=1221002
* https://bugzilla.suse.com/show_bug.cgi?id=1221003
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1224017
* https://bugzilla.suse.com/show_bug.cgi?id=1224018
* https://bugzilla.suse.com/show_bug.cgi?id=1225973
* https://bugzilla.suse.com/show_bug.cgi?id=1225974
* https://bugzilla.suse.com/show_bug.cgi?id=1227314
* https://bugzilla.suse.com/show_bug.cgi?id=1230252
* https://bugzilla.suse.com/show_bug.cgi?id=1230253
* https://bugzilla.suse.com/show_bug.cgi?id=1230254
* https://jira.suse.com/browse/PED-1962
* https://jira.suse.com/browse/SLE-18320

From null at suse.de Tue Oct 29 16:30:43 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 16:30:43 -0000
Subject: SUSE-SU-2024:3771-1: important: Security update for pgadmin4
Message-ID: <173021944348.7152.2391680165894684461@smelt2.prg2.suse.org>

# Security update for pgadmin4

Announcement ID: SUSE-SU-2024:3771-1
Release Date: 2024-10-29T12:55:39Z
Rating: important

References:

* bsc#1224295
* bsc#1224366
* bsc#1226967
* bsc#1227248
* bsc#1227252
* bsc#1229423
* bsc#1229861
* bsc#1230928
* bsc#1231564
* bsc#1231684

Cross-References:

* CVE-2024-38355
* CVE-2024-38998
* CVE-2024-38999
* CVE-2024-39338
* CVE-2024-4067
* CVE-2024-4068
* CVE-2024-43788
* CVE-2024-48948
* CVE-2024-48949
* CVE-2024-9014

CVSS scores:

* CVE-2024-38355 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38998 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-38998 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38998 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38999 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-39338 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-39338 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-39338 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-4067 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-4068 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43788 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
* CVE-2024-43788 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2024-43788 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-48948 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-48948 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-48949 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-48949 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2024-48949 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-9014 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9014 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9014 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 10 vulnerabilities can now be installed.
## Description:

This update for pgadmin4 fixes the following issues:

* CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967)
* CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248)
* CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252)
* CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs in axios (bsc#1229423)
* CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS) (bsc#1224366)
* CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to Memory Exhaustion (bsc#1224295)
* CVE-2024-43788: Fixed webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS (bsc#1229861)
* CVE-2024-48948: Fixed elliptic: ECDSA signature verification error due to leading zero may reject legitimate transactions in elliptic (bsc#1231684)
* CVE-2024-48949: Fixed elliptic: Missing Validation in Elliptic's EDDSA Signature Verification (bsc#1231564)
* CVE-2024-9014: Fixed OAuth2 issue that could lead to information leak (bsc#1230928)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3771=1 openSUSE-SLE-15.6-2024-3771=1
* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3771=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * pgadmin4-desktop-8.5-150600.3.6.1
  * system-user-pgadmin-8.5-150600.3.6.1
  * pgadmin4-doc-8.5-150600.3.6.1
  * pgadmin4-cloud-8.5-150600.3.6.1
  * pgadmin4-8.5-150600.3.6.1
  * pgadmin4-web-uwsgi-8.5-150600.3.6.1
* Python 3 Module 15-SP6 (noarch)
  * pgadmin4-8.5-150600.3.6.1
  * system-user-pgadmin-8.5-150600.3.6.1
  * pgadmin4-doc-8.5-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38355.html
* https://www.suse.com/security/cve/CVE-2024-38998.html
* https://www.suse.com/security/cve/CVE-2024-38999.html
* https://www.suse.com/security/cve/CVE-2024-39338.html
* https://www.suse.com/security/cve/CVE-2024-4067.html
* https://www.suse.com/security/cve/CVE-2024-4068.html
* https://www.suse.com/security/cve/CVE-2024-43788.html
* https://www.suse.com/security/cve/CVE-2024-48948.html
* https://www.suse.com/security/cve/CVE-2024-48949.html
* https://www.suse.com/security/cve/CVE-2024-9014.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224295
* https://bugzilla.suse.com/show_bug.cgi?id=1224366
* https://bugzilla.suse.com/show_bug.cgi?id=1226967
* https://bugzilla.suse.com/show_bug.cgi?id=1227248
* https://bugzilla.suse.com/show_bug.cgi?id=1227252
* https://bugzilla.suse.com/show_bug.cgi?id=1229423
* https://bugzilla.suse.com/show_bug.cgi?id=1229861
* https://bugzilla.suse.com/show_bug.cgi?id=1230928
* https://bugzilla.suse.com/show_bug.cgi?id=1231564
* https://bugzilla.suse.com/show_bug.cgi?id=1231684

From null at suse.de Tue Oct 29 16:30:47 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 16:30:47 -0000
Subject: SUSE-SU-2024:3770-1: important: Security update for libgsf
Message-ID: <173021944768.7152.10098467049850574230@smelt2.prg2.suse.org>

# Security update for libgsf

Announcement ID: SUSE-SU-2024:3770-1
Release Date: 2024-10-29T12:55:17Z
Rating: important

References:

* bsc#1014609
* bsc#1231282
* bsc#1231283

Cross-References:

* CVE-2016-9888
* CVE-2024-36474
* CVE-2024-42415

CVSS scores:

* CVE-2016-9888 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-36474 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-36474 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-36474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-36474 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42415 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42415 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-42415 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42415 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.
## Description:

This update for libgsf fixes the following issues:

* CVE-2016-9888: Fixed null pointer dereference with corrupted tar files (bsc#1014609)
* CVE-2024-36474: Fixed out-of-bounds index when processing a directory via an integer overflow in the compound document binary file format parser (bsc#1231282)
* CVE-2024-42415: Fixed heap-based buffer overflow when processing the sector allocation table via an integer overflow in the compound document binary file format parser (bsc#1231283)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3770=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3770=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
  * libgsf-1-114-debuginfo-1.14.40-8.3.1
  * libgsf-debugsource-1.14.40-8.3.1
  * libgsf-1-114-1.14.40-8.3.1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (noarch)
  * libgsf-lang-1.14.40-8.3.1
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (s390x x86_64)
  * libgsf-1-114-debuginfo-32bit-1.14.40-8.3.1
  * libgsf-1-114-32bit-1.14.40-8.3.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
  * libgsf-1-114-debuginfo-1.14.40-8.3.1
  * libgsf-1-114-debuginfo-32bit-1.14.40-8.3.1
  * libgsf-1-114-1.14.40-8.3.1
  * libgsf-debugsource-1.14.40-8.3.1
  * libgsf-1-114-32bit-1.14.40-8.3.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (noarch)
  * libgsf-lang-1.14.40-8.3.1

## References:

* https://www.suse.com/security/cve/CVE-2016-9888.html
* https://www.suse.com/security/cve/CVE-2024-36474.html
* https://www.suse.com/security/cve/CVE-2024-42415.html
* https://bugzilla.suse.com/show_bug.cgi?id=1014609
* https://bugzilla.suse.com/show_bug.cgi?id=1231282
* https://bugzilla.suse.com/show_bug.cgi?id=1231283

From null at suse.de Tue Oct 29 20:30:05 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 20:30:05 -0000
Subject: SUSE-SU-2024:3779-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
Message-ID: <173023380597.23267.5946104075585692112@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3779-1
Release Date: 2024-10-29T19:03:47Z
Rating: important

References:

* bsc#1227471
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47598
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues. The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3779=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3779=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_167-default-3-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-3-150300.7.6.1
  * kernel-livepatch-SLE15-SP3_Update_46-debugsource-3-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-3-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_167-preempt-3-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_167-default-3-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Tue Oct 29 20:30:14 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 20:30:14 -0000
Subject: SUSE-SU-2024:3777-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)
Message-ID: <173023381462.23267.240841320267769472@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3777-1
Release Date: 2024-10-29T17:03:52Z
Rating: important

References:

* bsc#1225011
* bsc#1225012
* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities and has one security fix can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_100 fixes several issues. The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3777=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3777=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_100-default-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_21-debugsource-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_100-default-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_21-debugsource-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1231353

From null at suse.de Tue Oct 29 20:30:17 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 29 Oct 2024 20:30:17 -0000
Subject: SUSE-SU-2024:3775-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
Message-ID: <173023381799.23267.1062359498443733525@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)

Announcement ID: SUSE-SU-2024:3775-1
Release Date: 2024-10-29T16:03:50Z
Rating: important

References:

* bsc#1225819

Cross-References:

* CVE-2023-52752

CVSS scores:

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_10_8 fixes one issue. The following security issue was fixed:

* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3775=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-2-150600.1.6.1 * kernel-livepatch-6_4_0-150600_10_8-rt-2-150600.1.6.1 * kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-2-150600.1.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52752.html * https://bugzilla.suse.com/show_bug.cgi?id=1225819 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 08:30:11 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 08:30:11 -0000 Subject: SUSE-SU-2024:3783-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3) Message-ID: <173027701185.7152.2376369417678950115@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3783-1 Release Date: 2024-10-30T04:33:44Z Rating: important References: * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1227471 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35864 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3784=1 SUSE-2024-3783=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3784=1 SUSE-SLE-Module-Live-Patching-15-SP3-2024-3783=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_138-default-15-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_150-default-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_150-default-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-15-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_37-debugsource-15-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_41-debugsource-12-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-15-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_138-preempt-15-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_150-preempt-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_150-preempt-12-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_138-default-15-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_150-default-12-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471

From null at suse.de Wed Oct 30 08:30:19 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 08:30:19 -0000
Subject: SUSE-SU-2024:3782-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2)
Message-ID: <173027701974.7152.8363639276899155770@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3782-1
Release Date: 2024-10-30T03:33:39Z
Rating: important
References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471
* bsc#1227472

Cross-References:

* CVE-2021-47598
* CVE-2021-47600
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP
Applications 15 SP2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_166 fixes several issues. The following security issues were fixed: * CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3782=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_166-default-15-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_41-debugsource-15-150200.2.1 * kernel-livepatch-5_3_18-150200_24_166-default-debuginfo-15-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2021-47600.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227472 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Oct 30 08:30:33 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 08:30:33 -0000 Subject: SUSE-SU-2024:3780-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4) Message-ID: <173027703329.7152.15876550861891090897@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3780-1 Release Date: 2024-10-29T20:48:12Z Rating: important References: * bsc#1223683 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1228573 * bsc#1228786 * bsc#1231353 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2023-52846 * CVE-2024-26923 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves 12 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_122 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353) * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3780=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3780=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_122-default-5-150400.9.6.1 * kernel-livepatch-SLE15-SP4_Update_27-debugsource-5-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-5-150400.9.6.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_122-default-5-150400.9.6.1 * kernel-livepatch-SLE15-SP4_Update_27-debugsource-5-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-5-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353

From null at suse.de Wed Oct 30 08:30:44 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 08:30:44 -0000
Subject: SUSE-SU-2024:3785-1: important: Security update for pcp
Message-ID: <173027704493.7152.14025081388557248290@smelt2.prg2.suse.org>

# Security update for pcp

Announcement ID: SUSE-SU-2024:3785-1
Release Date: 2024-10-30T07:56:18Z
Rating: important
References:

* bsc#1217826
* bsc#1222815
* bsc#1230551
* bsc#1230552
* bsc#1231345
* jsc#PED-8192
* jsc#PED-8389

Cross-References:

* CVE-2023-6917
* CVE-2024-45769
* CVE-2024-45770

CVSS scores:

* CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45769 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45770 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2024-45770 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45770 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities, contains two features and has two security fixes can now be installed.
## Description:

This update for pcp fixes the following issues:

pcp was updated from version 5.2.5 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):

* Security issues fixed:
  * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
  * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
  * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
* Major changes:
  * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes
    * Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
    * Version 2 archives remain the default (for the next few years)
  * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL.
  * New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps. These are all optional, and full backward compatibility is preserved for existing tools.
  * For the full list of changes please consult the packaged CHANGELOG file
* Other packaging changes:
  * Moved pmlogger_daily into the main package (bsc#1222815)
  * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12
  * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64
  * Change the architecture for various subpackages to 'noarch' as they contain no binaries
  * Disable 'pmda-mssql', as it fails to build

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3785=1 openSUSE-SLE-15.5-2024-3785=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3785=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * pcp-pmda-gfs2-debuginfo-6.2.0-150500.8.6.1 * pcp-system-tools-debuginfo-6.2.0-150500.8.6.1 * libpcp-devel-6.2.0-150500.8.6.1 * libpcp_trace2-6.2.0-150500.8.6.1 * perl-PCP-LogImport-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-cisco-6.2.0-150500.8.6.1 * pcp-testsuite-6.2.0-150500.8.6.1 * libpcp_import1-6.2.0-150500.8.6.1 * pcp-pmda-bash-6.2.0-150500.8.6.1 * pcp-gui-debuginfo-6.2.0-150500.8.6.1 * python3-pcp-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-bind2-6.2.0-150500.8.6.1 * pcp-pmda-logger-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-shping-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-roomtemp-6.2.0-150500.8.6.1 * pcp-pmda-shping-6.2.0-150500.8.6.1 * pcp-pmda-gfs2-6.2.0-150500.8.6.1 * pcp-pmda-apache-debuginfo-6.2.0-150500.8.6.1 * pcp-devel-6.2.0-150500.8.6.1 * pcp-pmda-zimbra-6.2.0-150500.8.6.1 * pcp-testsuite-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-mailq-debuginfo-6.2.0-150500.8.6.1 * pcp-import-collectl2pcp-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-nvidia-gpu-6.2.0-150500.8.6.1 * pcp-pmda-docker-debuginfo-6.2.0-150500.8.6.1 * libpcp3-6.2.0-150500.8.6.1 * pcp-pmda-sendmail-debuginfo-6.2.0-150500.8.6.1 * perl-PCP-MMV-6.2.0-150500.8.6.1 * python3-pcp-6.2.0-150500.8.6.1 * pcp-pmda-smart-debuginfo-6.2.0-150500.8.6.1 * pcp-devel-debuginfo-6.2.0-150500.8.6.1 * libpcp_mmv1-debuginfo-6.2.0-150500.8.6.1 * libpcp_gui2-debuginfo-6.2.0-150500.8.6.1 * pcp-debugsource-6.2.0-150500.8.6.1 * pcp-pmda-zimbra-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-trace-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-cifs-6.2.0-150500.8.6.1 * perl-PCP-PMDA-6.2.0-150500.8.6.1 * perl-PCP-MMV-debuginfo-6.2.0-150500.8.6.1 * libpcp_import1-debuginfo-6.2.0-150500.8.6.1 * 
pcp-pmda-cifs-debuginfo-6.2.0-150500.8.6.1 * pcp-6.2.0-150500.8.6.1 * pcp-pmda-sockets-6.2.0-150500.8.6.1 * pcp-pmda-mounts-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-bash-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-dm-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-lustrecomm-6.2.0-150500.8.6.1 * pcp-pmda-weblog-6.2.0-150500.8.6.1 * pcp-gui-6.2.0-150500.8.6.1 * pcp-pmda-sendmail-6.2.0-150500.8.6.1 * pcp-pmda-docker-6.2.0-150500.8.6.1 * pcp-pmda-hacluster-6.2.0-150500.8.6.1 * libpcp_mmv1-6.2.0-150500.8.6.1 * pcp-pmda-cisco-debuginfo-6.2.0-150500.8.6.1 * libpcp_web1-6.2.0-150500.8.6.1 * pcp-pmda-smart-6.2.0-150500.8.6.1 * pcp-pmda-trace-6.2.0-150500.8.6.1 * libpcp3-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-nvidia-gpu-debuginfo-6.2.0-150500.8.6.1 * pcp-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-hacluster-debuginfo-6.2.0-150500.8.6.1 * libpcp_gui2-6.2.0-150500.8.6.1 * pcp-pmda-mounts-6.2.0-150500.8.6.1 * pcp-pmda-weblog-debuginfo-6.2.0-150500.8.6.1 * pcp-system-tools-6.2.0-150500.8.6.1 * perl-PCP-LogSummary-6.2.0-150500.8.6.1 * pcp-pmda-logger-6.2.0-150500.8.6.1 * pcp-pmda-lustrecomm-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-summary-6.2.0-150500.8.6.1 * perl-PCP-LogImport-6.2.0-150500.8.6.1 * pcp-import-collectl2pcp-6.2.0-150500.8.6.1 * pcp-pmda-roomtemp-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-systemd-6.2.0-150500.8.6.1 * pcp-pmda-systemd-debuginfo-6.2.0-150500.8.6.1 * libpcp_trace2-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-mailq-6.2.0-150500.8.6.1 * pcp-pmda-sockets-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-dm-6.2.0-150500.8.6.1 * pcp-pmda-summary-debuginfo-6.2.0-150500.8.6.1 * perl-PCP-PMDA-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-apache-6.2.0-150500.8.6.1 * libpcp_web1-debuginfo-6.2.0-150500.8.6.1 * openSUSE Leap 15.5 (noarch) * pcp-export-pcp2influxdb-6.2.0-150500.8.6.1 * pcp-pmda-netfilter-6.2.0-150500.8.6.1 * pcp-pmda-elasticsearch-6.2.0-150500.8.6.1 * pcp-pmda-netcheck-6.2.0-150500.8.6.1 * pcp-doc-6.2.0-150500.8.6.1 * pcp-pmda-mysql-6.2.0-150500.8.6.1 * 
pcp-pmda-bonding-6.2.0-150500.8.6.1 * pcp-pmda-openmetrics-6.2.0-150500.8.6.1 * pcp-pmda-ds389-6.2.0-150500.8.6.1 * pcp-pmda-rsyslog-6.2.0-150500.8.6.1 * pcp-import-ganglia2pcp-6.2.0-150500.8.6.1 * pcp-pmda-news-6.2.0-150500.8.6.1 * pcp-export-pcp2graphite-6.2.0-150500.8.6.1 * pcp-export-pcp2elasticsearch-6.2.0-150500.8.6.1 * pcp-import-mrtg2pcp-6.2.0-150500.8.6.1 * pcp-import-iostat2pcp-6.2.0-150500.8.6.1 * pcp-pmda-samba-6.2.0-150500.8.6.1 * pcp-export-pcp2zabbix-6.2.0-150500.8.6.1 * pcp-pmda-nfsclient-6.2.0-150500.8.6.1 * pcp-pmda-openvswitch-6.2.0-150500.8.6.1 * pcp-pmda-snmp-6.2.0-150500.8.6.1 * pcp-export-pcp2json-6.2.0-150500.8.6.1 * pcp-pmda-dbping-6.2.0-150500.8.6.1 * pcp-pmda-slurm-6.2.0-150500.8.6.1 * pcp-conf-6.2.0-150500.8.6.1 * pcp-pmda-mic-6.2.0-150500.8.6.1 * pcp-export-pcp2xml-6.2.0-150500.8.6.1 * pcp-pmda-haproxy-6.2.0-150500.8.6.1 * pcp-pmda-lmsensors-6.2.0-150500.8.6.1 * pcp-pmda-oracle-6.2.0-150500.8.6.1 * pcp-export-pcp2spark-6.2.0-150500.8.6.1 * pcp-pmda-nginx-6.2.0-150500.8.6.1 * pcp-pmda-gpfs-6.2.0-150500.8.6.1 * pcp-pmda-named-6.2.0-150500.8.6.1 * pcp-pmda-activemq-6.2.0-150500.8.6.1 * pcp-zeroconf-6.2.0-150500.8.6.1 * pcp-pmda-gluster-6.2.0-150500.8.6.1 * pcp-pmda-nutcracker-6.2.0-150500.8.6.1 * pcp-import-sar2pcp-6.2.0-150500.8.6.1 * pcp-pmda-lustre-6.2.0-150500.8.6.1 * pcp-pmda-zswap-6.2.0-150500.8.6.1 * pcp-pmda-postfix-6.2.0-150500.8.6.1 * pcp-pmda-redis-6.2.0-150500.8.6.1 * pcp-pmda-unbound-6.2.0-150500.8.6.1 * pcp-pmda-rabbitmq-6.2.0-150500.8.6.1 * pcp-pmda-gpsd-6.2.0-150500.8.6.1 * pcp-pmda-json-6.2.0-150500.8.6.1 * pcp-pmda-ds389log-6.2.0-150500.8.6.1 * pcp-pmda-memcache-6.2.0-150500.8.6.1 * pcp-pmda-pdns-6.2.0-150500.8.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * pcp-pmda-infiniband-6.2.0-150500.8.6.1 * pcp-pmda-infiniband-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-perfevent-6.2.0-150500.8.6.1 * pcp-pmda-perfevent-debuginfo-6.2.0-150500.8.6.1 * openSUSE Leap 15.5 (x86_64) * pcp-pmda-resctrl-debuginfo-6.2.0-150500.8.6.1 * 
pcp-pmda-resctrl-6.2.0-150500.8.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * pcp-system-tools-debuginfo-6.2.0-150500.8.6.1 * libpcp-devel-6.2.0-150500.8.6.1 * libpcp_trace2-6.2.0-150500.8.6.1 * perl-PCP-LogImport-debuginfo-6.2.0-150500.8.6.1 * libpcp_import1-6.2.0-150500.8.6.1 * pcp-devel-6.2.0-150500.8.6.1 * perl-PCP-MMV-6.2.0-150500.8.6.1 * libpcp3-6.2.0-150500.8.6.1 * pcp-devel-debuginfo-6.2.0-150500.8.6.1 * libpcp_mmv1-debuginfo-6.2.0-150500.8.6.1 * libpcp_gui2-debuginfo-6.2.0-150500.8.6.1 * pcp-debugsource-6.2.0-150500.8.6.1 * perl-PCP-PMDA-6.2.0-150500.8.6.1 * perl-PCP-MMV-debuginfo-6.2.0-150500.8.6.1 * libpcp_import1-debuginfo-6.2.0-150500.8.6.1 * pcp-6.2.0-150500.8.6.1 * libpcp_mmv1-6.2.0-150500.8.6.1 * libpcp_web1-6.2.0-150500.8.6.1 * libpcp3-debuginfo-6.2.0-150500.8.6.1 * pcp-debuginfo-6.2.0-150500.8.6.1 * libpcp_gui2-6.2.0-150500.8.6.1 * perl-PCP-LogSummary-6.2.0-150500.8.6.1 * pcp-system-tools-6.2.0-150500.8.6.1 * perl-PCP-LogImport-6.2.0-150500.8.6.1 * libpcp_trace2-debuginfo-6.2.0-150500.8.6.1 * python3-pcp-debuginfo-6.2.0-150500.8.6.1 * perl-PCP-PMDA-debuginfo-6.2.0-150500.8.6.1 * python3-pcp-6.2.0-150500.8.6.1 * libpcp_web1-debuginfo-6.2.0-150500.8.6.1 * Development Tools Module 15-SP5 (noarch) * pcp-doc-6.2.0-150500.8.6.1 * pcp-conf-6.2.0-150500.8.6.1 * pcp-import-iostat2pcp-6.2.0-150500.8.6.1 * pcp-import-sar2pcp-6.2.0-150500.8.6.1 * pcp-import-mrtg2pcp-6.2.0-150500.8.6.1 * Development Tools Module 15-SP5 (ppc64le) * pcp-pmda-perfevent-debuginfo-6.2.0-150500.8.6.1 * pcp-pmda-perfevent-6.2.0-150500.8.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6917.html * https://www.suse.com/security/cve/CVE-2024-45769.html * https://www.suse.com/security/cve/CVE-2024-45770.html * https://bugzilla.suse.com/show_bug.cgi?id=1217826 * https://bugzilla.suse.com/show_bug.cgi?id=1222815 * https://bugzilla.suse.com/show_bug.cgi?id=1230551 * https://bugzilla.suse.com/show_bug.cgi?id=1230552 * 
https://bugzilla.suse.com/show_bug.cgi?id=1231345 * https://jira.suse.com/browse/PED-8192 * https://jira.suse.com/browse/PED-8389 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 12:30:25 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:30:25 -0000 Subject: SUSE-SU-2024:3798-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3) Message-ID: <173029142596.32321.15420353410150650744@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3798-1 Release Date: 2024-10-30T11:33:45Z Rating: important References: * bsc#1210619 * bsc#1218487 * bsc#1220145 * bsc#1220537 * bsc#1221302 * bsc#1222685 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2021-47598 * CVE-2022-48651 * CVE-2023-1829 * CVE-2023-52752 * CVE-2023-6531 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise 
Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 23 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). 
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3798=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3798=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_153-default-9-150300.7.6.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-9-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_153-default-9-150300.7.6.1
  * kernel-livepatch-SLE15-SP3_Update_42-debugsource-9-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-9-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_153-preempt-9-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
*
https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-6531.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1218487 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * 
https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 12:30:30 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:30:30 -0000 Subject: SUSE-SU-2024:3797-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3) Message-ID: <173029143091.32321.12190067286784258397@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3797-1 Release Date: 2024-10-30T11:04:16Z Rating: important References: * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1227471 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35864 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_141 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). 
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3797=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3797=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_38-debugsource-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-default-14-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-14-150300.2.1 * kernel-livepatch-5_3_18-150300_59_141-preempt-14-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_141-default-14-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Oct 30 12:30:48 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:30:48 -0000 Subject: SUSE-SU-2024:3796-1: important: Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2) Message-ID: <173029144823.32321.13549839868593252286@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2) Announcement ID: SUSE-SU-2024:3796-1 Release Date: 2024-10-30T11:04:08Z Rating: important References: * bsc#1210619 * bsc#1220145 * bsc#1220537 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1227472 * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2021-47598 * CVE-2021-47600 * CVE-2022-48651 * CVE-2023-1829 * CVE-2023-52752 * CVE-2024-23307 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves 21 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_188 fixes several issues. The following security issues were fixed: * CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). 
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3796=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_188-default-8-150200.5.6.1 * kernel-livepatch-5_3_18-150200_24_188-default-debuginfo-8-150200.5.6.1 * kernel-livepatch-SLE15-SP2_Update_47-debugsource-8-150200.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2021-47600.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * 
https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227472 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 12:30:54 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:30:54 -0000 Subject: SUSE-SU-2024:3794-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2) Message-ID: <173029145446.32321.10906548566181402683@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2) Announcement ID: SUSE-SU-2024:3794-1 Release Date: 2024-10-30T11:03:58Z Rating: important References: * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1227471 * bsc#1227472 Cross-References: * CVE-2021-47598 * CVE-2021-47600 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35864 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 
( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_172 fixes several issues. The following security issues were fixed: * CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3794=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-3795=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_172-default-debuginfo-13-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_43-debugsource-13-150200.2.1 * kernel-livepatch-5_3_18-150200_24_169-default-15-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_42-debugsource-15-150200.2.1 * kernel-livepatch-5_3_18-150200_24_172-default-13-150200.2.1 * kernel-livepatch-5_3_18-150200_24_169-default-debuginfo-15-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2021-47600.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227472 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Oct 30 12:31:18 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:31:18 -0000 Subject: SUSE-SU-2024:3793-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4) Message-ID: <173029147860.32321.8847562342644903630@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3793-1 Release Date: 2024-10-30T09:04:17Z Rating: important References: * bsc#1219296 * bsc#1220145 * bsc#1220211 * bsc#1220828 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1222882 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1228573 * bsc#1228786 * bsc#1231353 Cross-References: * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52340 * CVE-2023-52502 * CVE-2023-52752 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26585 * CVE-2024-26610 * CVE-2024-26622 * CVE-2024-26766 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52502 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves 29 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_108 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353) * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). 
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). * CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828). * CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3793=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3793=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_108-default-10-150400.9.8.1 * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-10-150400.9.8.1 * kernel-livepatch-SLE15-SP4_Update_23-debugsource-10-150400.9.8.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_108-default-10-150400.9.8.1 * kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-10-150400.9.8.1 * kernel-livepatch-SLE15-SP4_Update_23-debugsource-10-150400.9.8.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52340.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26585.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26622.html * https://www.suse.com/security/cve/CVE-2024-26766.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * 
https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1219296 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220211 * https://bugzilla.suse.com/show_bug.cgi?id=1220828 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1222882 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * 
https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 * https://bugzilla.suse.com/show_bug.cgi?id=1231353 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 12:31:25 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:31:25 -0000 Subject: SUSE-SU-2024:3799-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4) Message-ID: <173029148584.32321.3258293115556246853@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3799-1 Release Date: 2024-10-30T11:33:51Z Rating: important References: * bsc#1225011 * bsc#1225012 * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1227471 * bsc#1231353 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities and has one security fix can now be installed. 
## Description: This update for the Linux Kernel 5.14.21-150400_24_97 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3799=1 SUSE-2024-3792=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3799=1 SUSE-SLE-Module-Live-Patching-15-SP4-2024-3792=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_20-debugsource-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_19-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_97-default-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_92-default-14-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_20-debugsource-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_19-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-13-150400.2.1 * 
kernel-livepatch-5_14_21-150400_24_97-default-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_92-default-14-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1231353 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 12:31:29 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:31:29 -0000 Subject: SUSE-SU-2024:3791-1: important: Security update for xwayland Message-ID: <173029148939.32321.6879503839415850703@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2024:3791-1 Release Date: 2024-10-30T08:19:49Z Rating: important References: * bsc#1231565 Cross-References: * CVE-2024-9632 CVSS scores: * CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3791=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3791=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xwayland-21.1.4-150400.3.39.1 * xwayland-debugsource-21.1.4-150400.3.39.1 * xwayland-debuginfo-21.1.4-150400.3.39.1 * xwayland-devel-21.1.4-150400.3.39.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * xwayland-21.1.4-150400.3.39.1 * xwayland-debugsource-21.1.4-150400.3.39.1 * xwayland-debuginfo-21.1.4-150400.3.39.1 ## References: * https://www.suse.com/security/cve/CVE-2024-9632.html * https://bugzilla.suse.com/show_bug.cgi?id=1231565 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Oct 30 12:31:34 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 12:31:34 -0000 Subject: SUSE-SU-2024:3790-1: important: Security update for xwayland Message-ID: <173029149487.32321.7719453227826908883@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2024:3790-1 Release Date: 2024-10-30T08:19:42Z Rating: important References: * bsc#1231565 Cross-References: * CVE-2024-9632 CVSS scores: * CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves one vulnerability can now be installed. 
## Description:

This update for xwayland fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3790=1 SUSE-2024-3790=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3790=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-debuginfo-22.1.5-150500.7.25.1
  * xwayland-devel-22.1.5-150500.7.25.1
  * xwayland-22.1.5-150500.7.25.1
  * xwayland-debugsource-22.1.5-150500.7.25.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * xwayland-debuginfo-22.1.5-150500.7.25.1
  * xwayland-22.1.5-150500.7.25.1
  * xwayland-debugsource-22.1.5-150500.7.25.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565
From null at suse.de Wed Oct 30 12:31:38 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 12:31:38 -0000
Subject: SUSE-SU-2024:3789-1: important: Security update for xwayland
Message-ID: <173029149895.32321.11818418343159267793@smelt2.prg2.suse.org>

# Security update for xwayland

Announcement ID: SUSE-SU-2024:3789-1
Release Date: 2024-10-30T08:19:26Z
Rating: important

References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3789=1 openSUSE-SLE-15.6-2024-3789=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3789=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-debugsource-24.1.1-150600.5.6.1
  * xwayland-debuginfo-24.1.1-150600.5.6.1
  * xwayland-24.1.1-150600.5.6.1
  * xwayland-devel-24.1.1-150600.5.6.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * xwayland-debugsource-24.1.1-150600.5.6.1
  * xwayland-debuginfo-24.1.1-150600.5.6.1
  * xwayland-24.1.1-150600.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565

From null at suse.de Wed Oct 30 12:31:41 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 12:31:41 -0000
Subject: SUSE-SU-2024:3788-1: important: Security update for xorg-x11-server
Message-ID: <173029150195.32321.11243161629967689321@smelt2.prg2.suse.org>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2024:3788-1
Release Date: 2024-10-30T08:19:15Z
Rating: important

References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.
## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3788=1 openSUSE-SLE-15.5-2024-3788=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3788=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3788=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-sdk-21.1.4-150500.7.29.1
  * xorg-x11-server-extra-21.1.4-150500.7.29.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.29.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.29.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.29.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.29.1
  * xorg-x11-server-21.1.4-150500.7.29.1
  * xorg-x11-server-debuginfo-21.1.4-150500.7.29.1
  * xorg-x11-server-source-21.1.4-150500.7.29.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-21.1.4-150500.7.29.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.29.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.29.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.29.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.29.1
  * xorg-x11-server-21.1.4-150500.7.29.1
  * xorg-x11-server-debuginfo-21.1.4-150500.7.29.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debugsource-21.1.4-150500.7.29.1
  * xorg-x11-server-sdk-21.1.4-150500.7.29.1
  * xorg-x11-server-debuginfo-21.1.4-150500.7.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565
From null at suse.de Wed Oct 30 12:31:48 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 12:31:48 -0000
Subject: SUSE-SU-2024:3787-1: important: Security update for xorg-x11-server
Message-ID: <173029150814.32321.10380095752008539209@smelt2.prg2.suse.org>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2024:3787-1
Release Date: 2024-10-30T08:18:52Z
Rating: important

References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3787=1 openSUSE-SLE-15.6-2024-3787=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3787=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3787=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-21.1.11-150600.5.3.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.3.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.3.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.3.1
  * xorg-x11-server-extra-21.1.11-150600.5.3.1
  * xorg-x11-server-source-21.1.11-150600.5.3.1
  * xorg-x11-server-sdk-21.1.11-150600.5.3.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.3.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-21.1.11-150600.5.3.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.3.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.3.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.3.1
  * xorg-x11-server-extra-21.1.11-150600.5.3.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.3.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debugsource-21.1.11-150600.5.3.1
  * xorg-x11-server-sdk-21.1.11-150600.5.3.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565
From null at suse.de Wed Oct 30 12:31:53 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 12:31:53 -0000
Subject: SUSE-SU-2024:3786-1: important: Security update for xorg-x11-server
Message-ID: <173029151331.32321.7932232849476807839@smelt2.prg2.suse.org>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2024:3786-1
Release Date: 2024-10-30T08:18:30Z
Rating: important

References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3786=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3786=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debugsource-1.19.6-10.77.1
  * xorg-x11-server-debuginfo-1.19.6-10.77.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.77.1
  * xorg-x11-server-1.19.6-10.77.1
  * xorg-x11-server-extra-1.19.6-10.77.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
  * xorg-x11-server-debugsource-1.19.6-10.77.1
  * xorg-x11-server-debuginfo-1.19.6-10.77.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.77.1
  * xorg-x11-server-1.19.6-10.77.1
  * xorg-x11-server-extra-1.19.6-10.77.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565
From null at suse.de Wed Oct 30 16:30:25 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:30:25 -0000
Subject: SUSE-SU-2024:3806-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
Message-ID: <173030582501.7152.6273610695491920462@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3806-1
Release Date: 2024-10-30T13:34:06Z
Rating: important

References:

* bsc#1223059
* bsc#1223363
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 20 vulnerabilities and has one security fix can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_119 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353)
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3806=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3806=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_119-default-7-150400.9.6.1
  * kernel-livepatch-SLE15-SP4_Update_26-debugsource-7-150400.9.6.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-7-150400.9.6.1
  * kernel-livepatch-5_14_21-150400_24_119-default-7-150400.9.6.1
  * kernel-livepatch-SLE15-SP4_Update_26-debugsource-7-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353
From null at suse.de Wed Oct 30 16:30:31 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:30:31 -0000
Subject: SUSE-SU-2024:3804-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)
Message-ID: <173030583141.7152.17522611669564515024@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3804-1
Release Date: 2024-10-30T13:33:49Z
Rating: important

References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3804=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3804=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-default-13-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_39-debugsource-13-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_144-preempt-13-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_144-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
From null at suse.de Wed Oct 30 16:30:52 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:30:52 -0000
Subject: SUSE-SU-2024:3803-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)
Message-ID: <173030585274.7152.17445055913362473002@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3803-1
Release Date: 2024-10-30T13:33:41Z
Rating: important

References:

* bsc#1210619
* bsc#1218487
* bsc#1220145
* bsc#1220537
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227472
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2021-47600
* CVE-2022-48651
* CVE-2023-1829
* CVE-2023-52752
* CVE-2023-6531
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_183 fixes several issues.

The following security issues were fixed:

* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3803=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_183-default-9-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_46-debugsource-9-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_183-default-debuginfo-9-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1218487
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227472
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
URL: From null at suse.de Wed Oct 30 16:31:00 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 16:31:00 -0000 Subject: SUSE-SU-2024:3805-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP4) Message-ID: <173030586051.7152.14369472137697998772@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3805-1 Release Date: 2024-10-30T13:33:56Z Rating: important References: * bsc#1225011 * bsc#1225012 * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1227471 * bsc#1231353 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_103 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). 
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3805=1 SUSE-2024-3801=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3805=1 SUSE-SLE-Module-Live-Patching-15-SP4-2024-3801=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_18-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_88-default-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_22-debugsource-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_18-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_88-default-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_22-debugsource-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1231353

From null at suse.de Wed Oct 30 16:31:10 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:31:10 -0000
Subject: SUSE-SU-2024:3800-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)
Message-ID: <173030587060.7152.13736633927299996963@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3800-1
Release Date: 2024-10-30T12:04:00Z
Rating: important
References:

* bsc#1223683
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227472
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47598
* CVE-2021-47600
* CVE-2023-52752
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_194 fixes several issues.

The following security issues were fixed:

* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3800=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_194-default-debuginfo-4-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_194-default-4-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_49-debugsource-4-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227472
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Wed Oct 30 16:31:19 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:31:19 -0000
Subject: SUSE-SU-2024:3811-1: moderate: Security update for govulncheck-vulndb
Message-ID: <173030587960.7152.8182087096633247792@smelt2.prg2.suse.org>

# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2024:3811-1
Release Date: 2024-10-30T15:34:13Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20241028T152002 2024-10-28T15:20:02Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated:
  * GO-2024-3207
  * GO-2024-3208
  * GO-2024-3210
  * GO-2024-3211
  * GO-2024-3212
  * GO-2024-3213
  * GO-2024-3214
  * GO-2024-3215
  * GO-2024-3216
  * GO-2024-3217
  * GO-2024-3219
  * GO-2024-3220
  * GO-2024-3221
  * GO-2024-3222
  * GO-2024-3223
  * GO-2024-3224
* Update to version 0.0.20241017T153730 date 2024-10-17T15:37:30Z. Go CVE Numbering Authority IDs added or updated:
  * GO-2024-3189
  * GO-2024-3203
  * GO-2024-3204

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3811=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3811=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3811=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3811=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1
* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1
* SUSE Package Hub 15 15-SP5 (noarch)
  * govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1

## References:

* https://jira.suse.com/browse/PED-11136

From null at suse.de Wed Oct 30 16:31:23 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:31:23 -0000
Subject: SUSE-SU-2024:3810-1: moderate: Security update for python-Werkzeug
Message-ID: <173030588316.7152.10473269294143858508@smelt2.prg2.suse.org>

# Security update for python-Werkzeug

Announcement ID: SUSE-SU-2024:3810-1
Release Date: 2024-10-30T15:33:55Z
Rating: moderate
References:

* bsc#1232449

Cross-References:

* CVE-2024-49767

CVSS scores:

* CVE-2024-49767 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-49767 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-49767 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Werkzeug fixes the following issues:

* CVE-2024-49767: Fixed possible resource exhaustion when parsing file data in forms (bsc#1232449).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3810=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3810=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-3810=1
* Python 3 Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3810=1
* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3810=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-Werkzeug-2.3.6-150400.6.12.1
* openSUSE Leap 15.5 (noarch)
  * python311-Werkzeug-2.3.6-150400.6.12.1
* openSUSE Leap 15.6 (noarch)
  * python311-Werkzeug-2.3.6-150400.6.12.1
* Python 3 Module 15-SP5 (noarch)
  * python311-Werkzeug-2.3.6-150400.6.12.1
* Python 3 Module 15-SP6 (noarch)
  * python311-Werkzeug-2.3.6-150400.6.12.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232449

From null at suse.de Wed Oct 30 16:31:29 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:31:29 -0000
Subject: SUSE-SU-2024:3809-1: moderate: Security update for go1.21-openssl
Message-ID: <173030588961.7152.1685516541122318564@smelt2.prg2.suse.org>

# Security update for go1.21-openssl

Announcement ID: SUSE-SU-2024:3809-1
Release Date: 2024-10-30T15:08:02Z
Rating: moderate
References:

* bsc#1230252
* bsc#1230253
* bsc#1230254
* jsc#SLE-18320

Cross-References:

* CVE-2024-34155
* CVE-2024-34156
* CVE-2024-34158

CVSS scores:

* CVE-2024-34155 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for go1.21-openssl fixes the following issues:

* CVE-2024-34158: Fixed stack exhaustion in Parse in go/build/constraint (bsc#1230254).
* CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode in encoding/gob (bsc#1230253).
* CVE-2024-34155: Fixed stack exhaustion in all Parse* functions (bsc#1230252).
* Update to version 1.21.13.3 cut from the go1.21-fips-release (jsc#SLE-18320).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3809=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3809=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.21-openssl-doc-1.21.13.4-150000.1.14.1
  * go1.21-openssl-1.21.13.4-150000.1.14.1
  * go1.21-openssl-race-1.21.13.4-150000.1.14.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.21-openssl-doc-1.21.13.4-150000.1.14.1
  * go1.21-openssl-1.21.13.4-150000.1.14.1
  * go1.21-openssl-race-1.21.13.4-150000.1.14.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34155.html
* https://www.suse.com/security/cve/CVE-2024-34156.html
* https://www.suse.com/security/cve/CVE-2024-34158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230252
* https://bugzilla.suse.com/show_bug.cgi?id=1230253
* https://bugzilla.suse.com/show_bug.cgi?id=1230254
* https://jira.suse.com/browse/SLE-18320

From null at suse.de Wed Oct 30 16:31:36 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 16:31:36 -0000
Subject: SUSE-SU-2024:3802-1: moderate: Security update for java-11-openjdk
Message-ID: <173030589639.7152.1234884763847701511@smelt2.prg2.suse.org>

# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2024:3802-1
Release Date: 2024-10-30T13:28:36Z
Rating: moderate
References:

* bsc#1231702
* bsc#1231711
* bsc#1231716
* bsc#1231719

Cross-References:

* CVE-2024-21208
* CVE-2024-21210
* CVE-2024-21217
* CVE-2024-21235

CVSS scores:

* CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21208 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21210 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21210 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21210 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21217 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21235 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21235 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21235 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.
## Description:

This update for java-11-openjdk fixes the following issues:

Updated to version 11.0.25+9 (October 2024 CPU):

* CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702)
* CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231711)
* CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716)
* CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3802=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3802=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.25.0-3.81.1
  * java-11-openjdk-devel-11.0.25.0-3.81.1
  * java-11-openjdk-11.0.25.0-3.81.1
  * java-11-openjdk-debugsource-11.0.25.0-3.81.1
  * java-11-openjdk-demo-11.0.25.0-3.81.1
  * java-11-openjdk-debuginfo-11.0.25.0-3.81.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
  * java-11-openjdk-headless-11.0.25.0-3.81.1
  * java-11-openjdk-devel-11.0.25.0-3.81.1
  * java-11-openjdk-11.0.25.0-3.81.1
  * java-11-openjdk-debugsource-11.0.25.0-3.81.1
  * java-11-openjdk-demo-11.0.25.0-3.81.1
  * java-11-openjdk-debuginfo-11.0.25.0-3.81.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21208.html
* https://www.suse.com/security/cve/CVE-2024-21210.html
* https://www.suse.com/security/cve/CVE-2024-21217.html
* https://www.suse.com/security/cve/CVE-2024-21235.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231702
* https://bugzilla.suse.com/show_bug.cgi?id=1231711
* https://bugzilla.suse.com/show_bug.cgi?id=1231716
* https://bugzilla.suse.com/show_bug.cgi?id=1231719

From null at suse.de Wed Oct 30 20:30:24 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 30 Oct 2024 20:30:24 -0000
Subject: SUSE-SU-2024:3837-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)
Message-ID: <173032022469.7152.8194781386691183495@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3837-1
Release Date: 2024-10-30T19:03:55Z
Rating: important
References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 26 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_38 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3837=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3837=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_38-rt-8-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-8-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_38-rt-8-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-8-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-35950.html * 
https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Wed Oct 30 20:30:29 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:30:29 -0000 Subject: SUSE-SU-2024:3836-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4) Message-ID: <173032022910.7152.14956338232751016193@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3836-1 Release Date: 2024-10-30T19:03:45Z Rating: important References: * bsc#1227471 * bsc#1228573 * bsc#1228786 * bsc#1231353 Cross-References: * CVE-2021-47598 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). 
* Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353) * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3836=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3836=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_125-default-3-150400.9.6.1 * kernel-livepatch-SLE15-SP4_Update_28-debugsource-3-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-3-150400.9.6.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_125-default-3-150400.9.6.1 * kernel-livepatch-SLE15-SP4_Update_28-debugsource-3-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-3-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 * https://bugzilla.suse.com/show_bug.cgi?id=1231353
From null at suse.de Wed Oct 30 20:30:33 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:30:33 -0000 Subject: SUSE-SU-2024:3835-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6) Message-ID: <173032023300.7152.2572573657270551716@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6) Announcement ID: SUSE-SU-2024:3835-1 Release Date: 2024-10-30T18:34:30Z Rating: important References: * bsc#1225819 * bsc#1228349 * bsc#1228786 Cross-References: * CVE-2023-52752 * CVE-2024-40909 * CVE-2024-40954 CVSS scores: * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_5 fixes several issues. The following security issues were fixed: * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3835=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-4-150600.1.8.1 * kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-4-150600.1.8.1 * kernel-livepatch-6_4_0-150600_10_5-rt-4-150600.1.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1228349 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 From null at suse.de Wed Oct 30 20:30:39 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:30:39 -0000 Subject: SUSE-SU-2024:3834-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) Message-ID: <173032023911.7152.16948442481319493548@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) Announcement ID: SUSE-SU-2024:3834-1 Release Date: 2024-10-30T18:34:25Z Rating: important References: * bsc#1225011 * bsc#1225012 * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1226327 * bsc#1231419 Cross-References: * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-42133 CVSS scores: * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-42133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-42133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_8 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG (bsc#1231419) * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3834=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_8-rt-5-150600.3.1 * kernel-livepatch-SLE15-SP6-RT_Update_0-debugsource-5-150600.3.1 * kernel-livepatch-6_4_0-150600_8-rt-debuginfo-5-150600.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-42133.html * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1231419
From null at suse.de Wed Oct 30 20:30:47 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:30:47 -0000 Subject: SUSE-SU-2024:3833-1: important: Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5) Message-ID: <173032024730.7152.323908856723808603@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3833-1 Release Date: 2024-10-30T18:34:21Z Rating: important References: * bsc#1223683 * bsc#1225099 * bsc#1225739 * bsc#1225819 * bsc#1227471 * bsc#1228349 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2023-52846 * CVE-2024-26923 * CVE-2024-36899 * CVE-2024-40909 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE 
Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_58 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3833=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3833=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_58-rt-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_58-rt-debuginfo-5-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_16-debugsource-5-150500.11.6.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_58-rt-5-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_58-rt-debuginfo-5-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_16-debugsource-5-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-40909.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228349 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Wed Oct 30 20:31:02 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:31:02 -0000 Subject: SUSE-SU-2024:3831-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5) Message-ID: <173032026264.7152.5198177880898776078@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3831-1 Release Date: 2024-10-30T18:34:15Z Rating: important References: * bsc#1223363 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225311 * bsc#1225312 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1226327 * bsc#1227471 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2023-52846 * CVE-2024-26828 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 16 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_55 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). 
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3831=1 SUSE-2024-3832=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3831=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3832=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_55-rt-debuginfo-6-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_15-debugsource-6-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-6-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_55-rt-6-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-6-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_52-rt-6-150500.11.8.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_55-rt-debuginfo-6-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_15-debugsource-6-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-6-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_55-rt-6-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-6-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_52-rt-6-150500.11.8.1 ## References: * 
https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Wed Oct 30 20:31:18 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:31:18 -0000 Subject: SUSE-SU-2024:3830-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5) Message-ID: <173032027886.7152.3858696961192125092@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3830-1 Release Date: 2024-10-30T18:34:04Z Rating: important References: * bsc#1221302 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1226327 * bsc#1227471 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52752 * CVE-2023-52846 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 21 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_47 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). 
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3830=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3830=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_47-rt-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-8-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-8-150500.11.6.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_47-rt-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-8-150500.11.6.1 * kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-8-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * 
https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Wed Oct 30 20:31:44 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:31:44 -0000 Subject: SUSE-SU-2024:3829-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5) Message-ID: <173032030435.7152.15515893024012141402@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3829-1 Release Date: 2024-10-30T18:33:58Z Rating: important References: * bsc#1219296 * bsc#1220145 * bsc#1220211 * bsc#1220828 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1222882 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1226327 * bsc#1227471 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52340 * CVE-2023-52502 * CVE-2023-52752 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26585 * CVE-2024-26610 * CVE-2024-26622 * CVE-2024-26766 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * 
CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 30 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_35 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). 
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). * CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828). * CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3829=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3829=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_35-rt-10-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-10-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-10-150500.11.8.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_35-rt-10-150500.11.8.1 * kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-10-150500.11.8.1 * kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-10-150500.11.8.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52340.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26585.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26622.html * https://www.suse.com/security/cve/CVE-2024-26766.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * 
https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1219296 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220211 * https://bugzilla.suse.com/show_bug.cgi?id=1220828 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1222882 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * 
https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Wed Oct 30 20:31:52 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:31:52 -0000 Subject: SUSE-SU-2024:3824-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5) Message-ID: <173032031266.7152.804678843594876279@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3824-1 Release Date: 2024-10-30T18:33:52Z Rating: important References: * bsc#1225011 * bsc#1225012 * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1226327 * bsc#1227471 Cross-References: * CVE-2021-47598 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_30 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3825=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3826=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3827=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3828=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3824=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3826=1 SUSE-2024-3827=1 SUSE-2024-3828=1 SUSE-2024-3824=1 SUSE-2024-3825=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_30-rt-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_13_30-rt-12-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_21-rt-14-150500.2.1 * 
kernel-livepatch-SLE15-SP5-RT_Update_9-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_13_27-rt-13-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-13-150500.2.1 * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-15-150500.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_30-rt-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_13_30-rt-12-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_21-rt-14-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_9-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_13_27-rt-13-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-13-150500.2.1 * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-15-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471
From null at suse.de Wed Oct 30 20:32:01 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:32:01 -0000 Subject: SUSE-SU-2024:3822-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5) Message-ID: <173032032155.7152.10375998781966949868@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5) Announcement ID: SUSE-SU-2024:3822-1 Release Date: 2024-10-30T17:34:43Z Rating: important References: * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225819 * bsc#1226325 * bsc#1228573 Cross-References: * CVE-2023-52752 * CVE-2024-26923 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_219 fixes several issues. The following security issues were fixed: * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3822=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_219-default-4-8.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573
From null at suse.de Wed Oct 30 20:32:13 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:32:13 -0000 Subject: SUSE-SU-2024:3821-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5) Message-ID: <173032033335.7152.991172337131287643@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5) Announcement ID: SUSE-SU-2024:3821-1 Release Date: 2024-10-30T17:34:34Z Rating: important References: * bsc#1210619 * bsc#1220537 * bsc#1223363 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225819 * bsc#1226325 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47378 * CVE-2021-47383 * CVE-2023-1829 * CVE-2023-52752 * CVE-2024-26828 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 15 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_216 fixes several issues. The following security issues were fixed: * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). 
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3821=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_216-default-7-8.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573
From null at suse.de Wed Oct 30 20:32:30 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:32:30 -0000 Subject: SUSE-SU-2024:3820-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5) Message-ID: <173032035018.7152.16472229156197126824@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5) Announcement ID: SUSE-SU-2024:3820-1 Release Date: 2024-10-30T17:34:25Z Rating: important References: * bsc#1210619 * bsc#1220145 * bsc#1220537 * bsc#1222685 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223681 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225819 * bsc#1226325 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47378 * CVE-2021-47383 * CVE-2022-48651 * CVE-2023-1829 * CVE-2023-52752 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 20 vulnerabilities can now be installed. 
## Description: This update for the Linux Kernel 4.12.14-122_201 fixes several issues. The following security issues were fixed: * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). 
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3820=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_201-default-9-8.10.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * 
https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 From null at suse.de Wed Oct 30 20:32:34 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:32:34 -0000 Subject: SUSE-SU-2024:3816-1: important: Security update for the Linux Kernel (Live Patch 53 for SLE 12 SP5) Message-ID: <173032035479.7152.17077052939020294196@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 53 for SLE 12 SP5) Announcement ID: SUSE-SU-2024:3816-1 Release Date: 2024-10-30T18:03:40Z Rating: important References: * bsc#1225011 * bsc#1225012 * bsc#1225309 * bsc#1225311 * bsc#1225819 Cross-References: * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 CVSS scores: * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance 
Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_194 fixes several issues. The following security issues were fixed: * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-3816=1 SUSE-SLE-Live-Patching-12-SP5-2024-3823=1 SUSE-SLE-Live-Patching-12-SP5-2024-3817=1 SUSE-SLE-Live-Patching-12-SP5-2024-3818=1 SUSE-SLE-Live-Patching-12-SP5-2024-3819=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_183-default-14-2.1 * kgraft-patch-4_12_14-122_186-default-13-2.1 * kgraft-patch-4_12_14-122_194-default-10-2.1 * kgraft-patch-4_12_14-122_179-default-14-2.1 * kgraft-patch-4_12_14-122_189-default-12-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * 
https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 From null at suse.de Wed Oct 30 20:32:55 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:32:55 -0000 Subject: SUSE-SU-2024:3815-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4) Message-ID: <173032037593.7152.10277178999290069432@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:3815-1 Release Date: 2024-10-30T17:03:57Z Rating: important References: * bsc#1220145 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1222882 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1226327 * bsc#1227471 * bsc#1228573 * bsc#1228786 * bsc#1231353 Cross-References: * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52502 * CVE-2023-52752 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26766 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52502 ( 
SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves 27 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353) * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). 
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882). * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3815=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3815=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_24-debugsource-8-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_111-default-8-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-8-150400.9.6.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_24-debugsource-8-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_111-default-8-150400.9.6.1 * kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-8-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2022-48662.html * https://www.suse.com/security/cve/CVE-2023-52502.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26766.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-26930.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35817.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * 
https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220832 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1222685 * https://bugzilla.suse.com/show_bug.cgi?id=1222882 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223521 * https://bugzilla.suse.com/show_bug.cgi?id=1223681 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225313 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 * https://bugzilla.suse.com/show_bug.cgi?id=1231353
From null at suse.de Wed Oct 30 20:33:14 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 30 Oct 2024 20:33:14 -0000 Subject: SUSE-SU-2024:3814-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3) Message-ID: <173032039468.7152.6555990130703968752@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:3814-1 Release Date: 2024-10-30T17:03:47Z Rating: important References: * bsc#1210619 * bsc#1220145 * bsc#1220537 * bsc#1221302 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223683 * bsc#1225013 * bsc#1225202 * bsc#1225211 * bsc#1225302 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1227651 * bsc#1228573 Cross-References: * CVE-2021-46955 * CVE-2021-47291 * CVE-2021-47378 * CVE-2021-47383 * CVE-2021-47402 * CVE-2021-47598 * CVE-2022-48651 * CVE-2023-1829 * CVE-2023-52752 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36964 * CVE-2024-41059 CVSS scores: * CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 21 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). 
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310). * CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). * CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220537). * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). * CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302). * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3814=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3814=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-8-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-default-8-150300.7.6.1 * kernel-livepatch-SLE15-SP3_Update_43-debugsource-8-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_158-preempt-8-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-8-150300.7.6.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_158-default-8-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-46955.html * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47378.html * https://www.suse.com/security/cve/CVE-2021-47383.html * https://www.suse.com/security/cve/CVE-2021-47402.html * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48651.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-23307.html * https://www.suse.com/security/cve/CVE-2024-26610.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1220145 * https://bugzilla.suse.com/show_bug.cgi?id=1220537 * https://bugzilla.suse.com/show_bug.cgi?id=1221302 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223514 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225202 * https://bugzilla.suse.com/show_bug.cgi?id=1225211 * https://bugzilla.suse.com/show_bug.cgi?id=1225302 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 * https://bugzilla.suse.com/show_bug.cgi?id=1228573
From null at suse.de Thu Oct 31 08:30:30 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 31 Oct 2024 08:30:30 -0000 Subject: SUSE-SU-2024:3842-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5) Message-ID: <173036343082.7152.3867466645330964327@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:3842-1 Release Date: 2024-10-31T07:33:51Z Rating: important References: * bsc#1220145 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 * bsc#1223681 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225313 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1226327 * bsc#1227471 * bsc#1228573 * bsc#1228786 Cross-References: * CVE-2021-47598 * CVE-2022-48651 * CVE-2022-48662 * CVE-2023-52502 * CVE-2023-52752 * CVE-2023-52846 * CVE-2023-6546 * CVE-2024-23307 * CVE-2024-26610 * CVE-2024-26828 * CVE-2024-26852 * CVE-2024-26923 * CVE-2024-26930 * CVE-2024-27398 * CVE-2024-35817 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-35950 * CVE-2024-36899 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 26 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521). * CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313). 
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3842=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3842=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_52-default-8-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-8-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-8-150500.11.6.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_52-default-8-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_11-debugsource-8-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-8-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Thu Oct 31 08:30:40 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 08:30:40 -0000
Subject: SUSE-SU-2024:3840-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
Message-ID: <173036344036.7152.14027662208649817851@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3840-1
Release Date: 2024-10-30T21:46:10Z
Rating: important

References:

* bsc#1223683
* bsc#1225099
* bsc#1225739
* bsc#1225819
* bsc#1227471
* bsc#1228349
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-36899
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3840=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3840=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_68-default-5-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_15-debugsource-5-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-5-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_68-default-5-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_15-debugsource-5-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-5-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Thu Oct 31 08:30:48 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 08:30:48 -0000
Subject: SUSE-SU-2024:3838-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)
Message-ID: <173036344841.7152.16053901844856193674@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3838-1
Release Date: 2024-10-31T07:33:43Z
Rating: important

References:

* bsc#1225011
* bsc#1225012
* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1226327
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_44 fixes several issues.
The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3839=1 SUSE-2024-3841=1 SUSE-2024-3838=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3838=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3839=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3841=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_9-debugsource-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_28-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-12-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_5-debugsource-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_6-debugsource-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_31-default-14-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_9-debugsource-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_28-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_44-default-12-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_5-debugsource-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_6-debugsource-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_31-default-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
From null at suse.de Thu Oct 31 12:30:24 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:30:24 -0000
Subject: SUSE-SU-2024:3855-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
Message-ID: <173037782482.6932.11092603017414415105@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3855-1
Release Date: 2024-10-31T11:33:37Z
Rating: important

References:

* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3855=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3855=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_59-default-8-150500.11.10.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-8-150500.11.10.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-8-150500.11.10.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_59-default-8-150500.11.10.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-8-150500.11.10.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-8-150500.11.10.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
From null at suse.de Thu Oct 31 12:30:40 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:30:40 -0000
Subject: SUSE-SU-2024:3854-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
Message-ID: <173037784042.6932.13395598918211020715@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3854-1
Release Date: 2024-10-31T11:03:50Z
Rating: important

References:

* bsc#1210619
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2023-1829
* CVE-2023-52752
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 16 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3854=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3854=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-7-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-default-7-150300.7.6.1
  * kernel-livepatch-SLE15-SP3_Update_44-debugsource-7-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-7-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_161-preempt-7-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_161-default-7-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573

From null at suse.de Thu Oct 31 12:31:04 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:31:04 -0000
Subject: SUSE-SU-2024:3852-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
Message-ID: <173037786431.6932.1290128036477636766@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3852-1
Release Date: 2024-10-31T10:34:17Z
Rating: important

References:

* bsc#1219296
* bsc#1220145
* bsc#1220211
* bsc#1220828
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52340
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26585
* CVE-2024-26610
* CVE-2024-26622
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 30 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220211).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1222685).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
* CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big' packets (bsc#1219296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3852=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3852=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_10-debugsource-10-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-10-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-10-150500.11.8.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_10-debugsource-10-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-10-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_55_49-default-10-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219296
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220211
* https://bugzilla.suse.com/show_bug.cgi?id=1220828
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Thu Oct 31 12:31:27 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:31:27 -0000
Subject: SUSE-SU-2024:3851-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
Message-ID: <173037788733.6932.13919906555260065487@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3851-1
Release Date: 2024-10-31T10:34:07Z
Rating: important

References:

* bsc#1220145
* bsc#1221302
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 25 vulnerabilities and has one security fix can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353)
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3851=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3851=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-8-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-8-150400.9.8.1
  * kernel-livepatch-SLE15-SP4_Update_25-debugsource-8-150400.9.8.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-8-150400.9.8.1
  * kernel-livepatch-5_14_21-150400_24_116-default-8-150400.9.8.1
  * kernel-livepatch-SLE15-SP4_Update_25-debugsource-8-150400.9.8.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353

From null at suse.de Thu Oct 31 12:31:32 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:31:32 -0000
Subject: SUSE-SU-2024:3850-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)
Message-ID: <173037789221.6932.10264531132864025863@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3850-1
Release Date: 2024-10-31T10:33:57Z
Rating: important

References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_147 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3850=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3850=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_147-default-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-default-debuginfo-13-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_40-debugsource-13-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_147-preempt-debuginfo-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_147-preempt-13-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_147-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471

From null at suse.de Thu Oct 31 12:31:48 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:31:48 -0000
Subject: SUSE-SU-2024:3849-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP2)
Message-ID: <173037790896.6932.6300541035408812329@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:3849-1
Release Date: 2024-10-31T10:33:49Z
Rating: important

References:

* bsc#1210619
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227472
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2021-47600
* CVE-2023-1829
* CVE-2023-52752
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves 17 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_191 fixes several issues.

The following security issues were fixed:

* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3849=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_191-default-debuginfo-7-150200.5.6.1
  * kernel-livepatch-5_3_18-150200_24_191-default-7-150200.5.6.1
  * kernel-livepatch-SLE15-SP2_Update_48-debugsource-7-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227472
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
URL: From null at suse.de Thu Oct 31 12:31:55 2024 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 31 Oct 2024 12:31:55 -0000 Subject: SUSE-SU-2024:3848-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2) Message-ID: <173037791525.6932.454373390030622200@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2) Announcement ID: SUSE-SU-2024:3848-1 Release Date: 2024-10-31T10:33:39Z Rating: important References: * bsc#1225309 * bsc#1225311 * bsc#1225819 * bsc#1227471 * bsc#1227472 Cross-References: * CVE-2021-47598 * CVE-2021-47600 * CVE-2023-52752 * CVE-2024-35862 * CVE-2024-35864 CVSS scores: * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_178 fixes several issues. The following security issues were fixed: * CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). 
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3848=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_178-default-debuginfo-11-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_45-debugsource-11-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_178-default-11-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227472

From null at suse.de Thu Oct 31 12:31:58 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:31:58 -0000
Subject: SUSE-SU-2024:3853-1: moderate: Security update for uwsgi
Message-ID: <173037791866.6932.2366999725714298514@smelt2.prg2.suse.org>

# Security update for uwsgi

Announcement ID: SUSE-SU-2024:3853-1
Release Date: 2024-10-31T11:01:18Z
Rating: moderate

References:

* bsc#1222332

Cross-References:

* CVE-2024-24795

CVSS scores:

* CVE-2024-24795 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for uwsgi fixes the following issues:

* CVE-2024-24795: Fixed HTTP Response Splitting in multiple modules (bsc#1222332)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3853=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3853=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3853=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * uwsgi-sqlite3-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-ldap-2.0.19.1-150300.3.3.1
  * uwsgi-pypy-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-2.0.19.1-150300.3.3.1
  * uwsgi-python3-2.0.19.1-150300.3.3.1
  * uwsgi-glusterfs-2.0.19.1-150300.3.3.1
  * uwsgi-libffi-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-pypy-2.0.19.1-150300.3.3.1
  * uwsgi-emperor_pg-2.0.19.1-150300.3.3.1
  * uwsgi-logzmq-2.0.19.1-150300.3.3.1
  * uwsgi-xslt-2.0.19.1-150300.3.3.1
  * uwsgi-emperor_zeromq-2.0.19.1-150300.3.3.1
  * uwsgi-lua-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-sqlite3-2.0.19.1-150300.3.3.1
  * uwsgi-python3-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-php7-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-jvm-2.0.19.1-150300.3.3.1
  * uwsgi-php7-2.0.19.1-150300.3.3.1
  * uwsgi-debugsource-2.0.19.1-150300.3.3.1
  * uwsgi-greenlet-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-logzmq-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-emperor_zeromq-debuginfo-2.0.19.1-150300.3.3.1
  * apache2-mod_uwsgi-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-libffi-2.0.19.1-150300.3.3.1
  * uwsgi-python-2.0.19.1-150300.3.3.1
  * uwsgi-psgi-2.0.19.1-150300.3.3.1
  * uwsgi-lua-2.0.19.1-150300.3.3.1
  * uwsgi-pam-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-gevent-2.0.19.1-150300.3.3.1
  * uwsgi-psgi-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-emperor_pg-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-python-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-pam-2.0.19.1-150300.3.3.1
  * uwsgi-xslt-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-greenlet-2.0.19.1-150300.3.3.1
  * apache2-mod_uwsgi-2.0.19.1-150300.3.3.1
  * uwsgi-glusterfs-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-gevent-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-jvm-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-ldap-debuginfo-2.0.19.1-150300.3.3.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * uwsgi-python-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-python-2.0.19.1-150300.3.3.1
  * uwsgi-debugsource-2.0.19.1-150300.3.3.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * uwsgi-python-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-debuginfo-2.0.19.1-150300.3.3.1
  * uwsgi-python-2.0.19.1-150300.3.3.1
  * uwsgi-debugsource-2.0.19.1-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222332

From null at suse.de Thu Oct 31 12:32:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:32:20 -0000
Subject: SUSE-SU-2024:3844-1: important: Security update for 389-ds
Message-ID: <173037794092.6932.18431013095128517123@smelt2.prg2.suse.org>

# Security update for 389-ds

Announcement ID: SUSE-SU-2024:3844-1
Release Date: 2024-10-31T08:50:28Z
Rating: important

References:

* bsc#1225512
* bsc#1226277
* bsc#1228912
* bsc#1230852
* bsc#1231462

Cross-References:

* CVE-2024-2199
* CVE-2024-3657
* CVE-2024-5953

CVSS scores:

* CVE-2024-2199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3657 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3657 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-5953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-5953 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has two security fixes can now be installed.

## Description:

This update for 389-ds fixes the following issues:

* Persist extracted key path for ldap_ssl_client_init over repeat invocations (bsc#1230852)
* Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462)
* Update to version 2.2.10~git18.20ce9289:
* RFE: Use previously extracted key path
* Update dsidm to prioritize basedn from .dsrc over interactive input
* UI: Instance fails to load when DB backup directory doesn't exist
* Improve online import robustness when the server is under load
* Ensure all slapi_log_err calls end format strings with newline character \n
* RFE: when memberof is enabled, defer updates of members from the update of the group
* Provide more information in the error message during setup_ol_tls_conn()
* Wrong set of entries returned for some search filters
* Schema lib389 object is not keeping custom schema data upon editing
* UI: Fix audit issue with npm - micromatch
* Fix long delay when setting replication agreement with dsconf
* Changelog trims updates from a given RID even if a consumer has not received any of them
* test_password_modify_non_utf8 should set default password storage scheme
* Update Cargo.lock
* Rearrange includes for 32-bit support logic
* Fix fedora cop RawHide builds
* Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console
* Enabling replication for a sub suffix crashes browser
* d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes
* Slow ldif2db import on a newly created BDB backend
* Audit log buffering doesn't handle large updates
* RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members)
* passwordHistory is not updated with a pre-hashed password
* ns-slapd crash in referint_get_config
* Fix the UTC offset print
* Fix OpenLDAP version autodetection
* RFE: add new operation note for MFA authentications
* Add log buffering to audit log
* Fix connection timeout error breaking errormap
* Improve dsidm CLI No Such Entry handling
* Improve connection timeout error logging
* Add hidden -v and -j options to each CLI subcommand
* Fix various issues with logconv.pl
* Fix certificate lifetime displayed as NaN
* Enhance Rust and JS bundling and add SPDX licenses for both
* Remove audit-ci from dependencies
* Fix unused variable warning from previous commit
* covscan: fix memory leak in audit log when adding entries
* Add a check for tagged commits
* dscreate ds-root - accepts relative path
* Change replica_id from str to int
* Attribute Names changed to lowercase after adding the Attributes
* ns-slapd crashes at startup if a backend has no suffix
* During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it
* Reversion of the entry cache should be limited to BETXN plugin failures
* Disable Transparent Huge Pages
* Freelist ordering causes high wtime
* Security fix for CVE-2024-2199
* VUL-0: CVE-2024-3657: 389-ds: potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512)
* VUL-0: CVE-2024-5953: 389-ds: malformed userPassword hashes may cause a denial of service (bsc#1226277)
* 389ds crash when user does change password using iso-8859-1 encoding (bsc#1228912)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3844=1 openSUSE-SLE-15.6-2024-3844=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3844=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libsvrcore0-debuginfo-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-debuginfo-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-debugsource-2.2.10~git18.20ce9289-150600.8.10.1
  * libsvrcore0-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-snmp-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-devel-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-snmp-debuginfo-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-2.2.10~git18.20ce9289-150600.8.10.1
  * lib389-2.2.10~git18.20ce9289-150600.8.10.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libsvrcore0-debuginfo-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-debuginfo-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-debugsource-2.2.10~git18.20ce9289-150600.8.10.1
  * libsvrcore0-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-devel-2.2.10~git18.20ce9289-150600.8.10.1
  * 389-ds-2.2.10~git18.20ce9289-150600.8.10.1
  * lib389-2.2.10~git18.20ce9289-150600.8.10.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2199.html
* https://www.suse.com/security/cve/CVE-2024-3657.html
* https://www.suse.com/security/cve/CVE-2024-5953.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225512
* https://bugzilla.suse.com/show_bug.cgi?id=1226277
* https://bugzilla.suse.com/show_bug.cgi?id=1228912
* https://bugzilla.suse.com/show_bug.cgi?id=1230852
* https://bugzilla.suse.com/show_bug.cgi?id=1231462

From null at suse.de Thu Oct 31 12:32:24 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 12:32:24 -0000
Subject: SUSE-SU-2024:3843-1: important: Security update for 389-ds
Message-ID: <173037794455.6932.16281605132625831142@smelt2.prg2.suse.org>

# Security update for 389-ds

Announcement ID: SUSE-SU-2024:3843-1
Release Date: 2024-10-31T08:50:13Z
Rating: important

References:

* bsc#1230852
* bsc#1231462

Cross-References:

* CVE-2024-2199
* CVE-2024-3657
* CVE-2024-5953

CVSS scores:

* CVE-2024-2199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3657 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3657 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-5953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-5953 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.
## Description:

This update for 389-ds fixes the following issues:

* Persist extracted key path for ldap_ssl_client_init over repeat invocations (bsc#1230852)
* Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462)
* Update to version 2.2.10~git18.20ce9289:
* RFE: Use previously extracted key path
* Update dsidm to prioritize basedn from .dsrc over interactive input
* UI: Instance fails to load when DB backup directory doesn't exist
* Improve online import robustness when the server is under load
* Ensure all slapi_log_err calls end format strings with newline character \n
* RFE: when memberof is enabled, defer updates of members from the update of the group
* Provide more information in the error message during setup_ol_tls_conn()
* Wrong set of entries returned for some search filters
* Schema lib389 object is not keeping custom schema data upon editing
* UI: Fix audit issue with npm - micromatch
* Fix long delay when setting replication agreement with dsconf
* Changelog trims updates from a given RID even if a consumer has not received any of them
* test_password_modify_non_utf8 should set default password storage scheme
* Update Cargo.lock
* Rearrange includes for 32-bit support logic
* Fix fedora cop RawHide builds
* Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console
* Enabling replication for a sub suffix crashes browser
* d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes
* Slow ldif2db import on a newly created BDB backend
* Audit log buffering doesn't handle large updates
* RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members)
* passwordHistory is not updated with a pre-hashed password
* ns-slapd crash in referint_get_config
* Fix the UTC offset print
* Fix OpenLDAP version autodetection
* RFE: add new operation note for MFA authentications
* Add log buffering to audit log
* Fix connection timeout error breaking errormap
* Improve dsidm CLI No Such Entry handling
* Improve connection timeout error logging
* Add hidden -v and -j options to each CLI subcommand
* Fix various issues with logconv.pl
* Fix certificate lifetime displayed as NaN
* Enhance Rust and JS bundling and add SPDX licenses for both
* Remove audit-ci from dependencies
* Fix unused variable warning from previous commit
* covscan: fix memory leak in audit log when adding entries
* Add a check for tagged commits
* dscreate ds-root - accepts relative path
* Change replica_id from str to int
* Attribute Names changed to lowercase after adding the Attributes
* ns-slapd crashes at startup if a backend has no suffix
* During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it
* Reversion of the entry cache should be limited to BETXN plugin failures
* Disable Transparent Huge Pages
* Freelist ordering causes high wtime
* Security fix for CVE-2024-2199
* VUL-0: CVE-2024-3657: 389-ds: potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512)
* VUL-0: CVE-2024-5953: 389-ds: malformed userPassword hashes may cause a denial of service (bsc#1226277)
* 389ds crash when user does change password using iso-8859-1 encoding (bsc#1228912)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3843=1 openSUSE-SLE-15.5-2024-3843=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3843=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * 389-ds-debuginfo-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-devel-2.2.10~git18.20ce9289-150500.3.24.1
  * libsvrcore0-2.2.10~git18.20ce9289-150500.3.24.1
  * libsvrcore0-debuginfo-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-debugsource-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-snmp-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-snmp-debuginfo-2.2.10~git18.20ce9289-150500.3.24.1
  * lib389-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-2.2.10~git18.20ce9289-150500.3.24.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * 389-ds-debuginfo-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-devel-2.2.10~git18.20ce9289-150500.3.24.1
  * libsvrcore0-2.2.10~git18.20ce9289-150500.3.24.1
  * libsvrcore0-debuginfo-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-debugsource-2.2.10~git18.20ce9289-150500.3.24.1
  * lib389-2.2.10~git18.20ce9289-150500.3.24.1
  * 389-ds-2.2.10~git18.20ce9289-150500.3.24.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2199.html
* https://www.suse.com/security/cve/CVE-2024-3657.html
* https://www.suse.com/security/cve/CVE-2024-5953.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230852
* https://bugzilla.suse.com/show_bug.cgi?id=1231462

From null at suse.de Thu Oct 31 16:30:11 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 16:30:11 -0000
Subject: SUSE-SU-2024:3859-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5)
Message-ID: <173039221116.21017.8015969271955225546@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3859-1
Release Date: 2024-10-31T15:34:40Z
Rating: important

References:

* bsc#1225011
* bsc#1225012
* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1226327
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_39 fixes several issues.
The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3859=1 SUSE-2024-3858=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3859=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3858=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_36-default-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_8-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_7-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_36-default-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_8-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_39-default-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_7-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471

From null at suse.de Thu Oct 31 16:30:27 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 16:30:27 -0000
Subject: SUSE-SU-2024:3857-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)
Message-ID: <173039222766.21017.4853603910365901017@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3857-1
Release Date: 2024-10-31T15:04:06Z
Rating: important

References:

* bsc#1223363
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225311
* bsc#1225312
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 16 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_65 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3857=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3857=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-6-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_65-default-6-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-6-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-6-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_65-default-6-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-6-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Thu Oct 31 16:30:32 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 16:30:32 -0000
Subject: SUSE-SU-2024:3856-1: important: Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)
Message-ID: <173039223220.21017.3175529798889285426@smelt2.prg2.suse.org>

# Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3856-1
Release Date: 2024-10-31T14:33:37Z
Rating: important

References:

* bsc#1227471
* bsc#1228349
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_61 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1228349).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3856=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3856=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-SLE15-SP5-RT_Update_17-debugsource-3-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_13_61-rt-3-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_13_61-rt-debuginfo-3-150500.11.6.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-SLE15-SP5-RT_Update_17-debugsource-3-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_13_61-rt-3-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_13_61-rt-debuginfo-3-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

From null at suse.de Thu Oct 31 20:30:20 2024
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 31 Oct 2024 20:30:20 -0000
Subject: SUSE-SU-2024:3860-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
Message-ID: <173040662030.24142.9062823583212997192@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3860-1
Release Date: 2024-10-31T16:33:36Z
Rating: important

References:

* bsc#1223363
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225311
* bsc#1225312
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 16 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues. The following security issues were fixed: * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). 
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3860=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3860=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_62-default-6-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-6-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-6-150500.11.6.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_62-default-6-150500.11.6.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-6-150500.11.6.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-6-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786